
Mastering C# and .NET Framework by Marino Posadas


A1 – injection

The injection threat is always based on input data from the user. An interpreter takes this information and, presumably, incorporates the data into the normal flow of a statement that is executed behind the scenes.

So, the key here is that a potential attacker needs to know the engine they're trying to get past. The three main engines mentioned by A1 are SQL, OS, and LDAP, the first one being the most common (and that's why it's the most dangerous).

SQL injection

SQL injection is, perhaps, the best known of them all. It's based on some characteristics of the SQL language:

  • Several statements can be linked together, separated by a semicolon (;)
  • You can insert an inline comment with a double dash (--)
  • The programmer doesn't ...
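
The two SQL characteristics listed above, shown against a concatenated query and its parameterized form. This is an added example, not code from the book: it uses Python's built-in sqlite3 module rather than C# so that it runs without a database server, and the table, rows, and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concat(db, name, password):
    # Vulnerable: input becomes part of the statement text, so a quote
    # in `name` ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]

def login_param(db, name, password):
    # Hardened: the statement text is fixed; values are bound as data.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]

def user_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def demo():
    db = make_db()
    comment_input = "alice' --"                      # uses the -- comment
    chained_input = "alice'; DELETE FROM users; --"  # uses the ; separator
    results = {
        # The comment hides the password check: login succeeds.
        "concat_comment": login_concat(db, comment_input, "wrong"),
        # Bound as data, the same inputs match no user.
        "param_comment": login_param(db, comment_input, "wrong"),
        "param_chained": login_param(db, chained_input, "wrong"),
    }
    try:
        # sqlite3's execute() accepts one statement only, so the chained
        # input raises here; a driver that runs batches would execute it.
        login_concat(db, chained_input, "wrong")
        results["concat_chained"] = "executed"
    except (sqlite3.Warning, sqlite3.Error):
        results["concat_chained"] = "rejected by driver"
    results["rows_left"] = user_count(db)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The single-statement limit that stops the chained input here is a property of this driver, not a fix for the concatenated query; the parameterized form is what keeps both inputs from being parsed as SQL.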
