Chapter 10. SQL Injection Attacks

One of the most popular types of online attacks is known as SQL injection, sometimes abbreviated as SQLi. These attacks involve inserting database code written in Structured Query Language (SQL) into the queries an application sends to its database, allowing attackers to retrieve data from the database or overwrite existing data.

You might be surprised to learn that, according to OWASP (the Open Web Application Security Project), a charitable organization that promotes software security, SQLi was the number one threat to online services in 2013; it is listed as the most common threat at https://www.owasp.org/index.php/Top_10_2013-Top_10.

This chapter looks at what these attacks involve, how to protect your websites against them, and finally how to launch them yourself for the purposes of penetration testing.

Needless to say, this is a wide and complex area that requires a degree of background knowledge to carry out more sophisticated attacks. You might be surprised how easy it is, however, having run only a handful of commands and with only a little database knowledge, to bring a vulnerable online service to its knees. For that reason alone, it's imperative that IT professionals be aware of the risks that SQL injections pose and how to mitigate their effects.
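To make the mechanism concrete, the following example (added here; it is not code from the book) shows a user lookup that splices untrusted input into the SQL text beside the same lookup using a bound placeholder, run against an in-memory SQLite table with constructed sample rows. The table, the sample rows and the function names are all assumptions for the demonstration.

```python
"""Added example (not from the book): a lookup built by string concatenation
beside the parameterized form, run against an in-memory SQLite table."""
import sqlite3

# Constructed sample data: a small users table.
SAMPLE_USERS = [(1, "alice", "alice@example.org"), (2, "bob", "bob@example.org")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    # Untrusted input is spliced into the SQL text, so it can change the
    # structure of the query rather than just supplying a value to compare.
    sql = "SELECT id, name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Placeholder binding: the driver passes the value separately from the
    # SQL text, so whatever the string contains is compared as data only.
    sql = "SELECT id, name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    conn = make_db()
    ordinary = "alice"
    # Constructed input that turns the WHERE clause into an always-true test
    # when it is concatenated into the query text.
    hostile = "x' OR 'a'='a"
    return {
        "vulnerable_ordinary": lookup_vulnerable(conn, ordinary),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),
        "safe_ordinary": lookup_safe(conn, ordinary),
        "safe_hostile": lookup_safe(conn, hostile),
    }
```

With the concatenated query the hostile input returns every row in the table, while the parameterized query returns nothing for it, because the whole string is compared literally against the name column.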

History

Considering its simplicity, the fact that SQLi is so effective makes it a formidable type of attack.

Take note, junior developers, because when it comes to security matters, sysadmins tend not to be directly responsible for ...
