SQL Injection

SQL injection”” is a vulnerability (vulnerability) that occurs when SQL is used for database access from a Web application, and there are incompleteness in calling. For example, “”inquiry form”” installed on the website enters personal information such as name and contact information, but if the countermeasure is not sufficient, an SQL statement including illegal processing is executed, it is saved in the database There is an influence such as information being illegally browsed. ■ Example of the impact of SQL injection attack · Viewing and taking out information stored in the database (leakage of information) · Rewriting / erasing information saved in the database (falsification of information) Illegal login avoiding authentication · Execute arbitrary OS command on the database server Such An effective measure against these threats is the introduction of WAF (Web Application Firewall / Web Application Firewall). By using WAF, SQL injection attack can be prevented.

Video What is SQL_Injection?