Wednesday, December 3, 2014

SQL Injection Attack – Injecting Harmful/Malicious SQL Code

SQL Injection Attack & Its Types

 Similar to other things SQL also has two sides, one good and the other bad. On one side the programming language is used for management of relational database whereas on the other it can also be utilized for execution of malicious attacks by attackers. One example is SQL injection attack, by means of which malicious codes are injected into the server and then into the SQL database. This results in extraction of useful and valuable information from the system by backdoor. The attack generally affects the link between a server and client-mostly a web server, where security layers such as SSL, TLS, etc. are not utilized, and the browser. This is because normally data exchanged between web browsers and web servers is in the form of plain text-which leaves users vulnerable to eavesdropping. In such cases attacker are able to intercept all data being shared.