SQL Injection Is a Web Application Security Vulnerability

1845 Words Mar 15th, 2016 8 Pages
Background of SQL Injection
SQL injection is a web application security vulnerability in which an attacker submits a database SQL command that the web application executes, exposing the back-end database. SQL injection has been described as one of the most critical threats to web applications: a vulnerable application can allow an attacker to gain complete access to the underlying database, and organizations have been breached by SQL injection attacks that slip through the firewall over ports such as port 80 (HTTP) or 443 (SSL) to reach internal networks and vulnerable databases. These databases often contain sensitive user information, so a breach can result in security violations such as loss of confidential information, identity theft and fraud.
Definition of SQL Injection
Most web applications today use a multi-tier design with three tiers: Presentation, Application and Data. The Presentation tier is the topmost level of the application (the HTTP web interface). It displays information related to services such as browsing merchandise and purchasing contents, and it communicates with the other tiers to put out the results to the browser tier and all other tiers in the network. The Application tier controls the application’s functionality by performing detailed processing (it implements the software functionality). The Data tier keeps all data structured and responds to requests from the Application tier, with results eventually returned to the user. Large companies usually develop…