KRSP - SQL Injection

Hacking Websites with SQL Injection

Here is an easy-to-understand video from Computerphile, presented by Tom Scott, describing how SQL injection works.

One of the biggest mistakes made by new web developers is passing user-supplied data straight into SQL queries. A web form that lets users enter data is a path from the user into your database, and if the application builds its queries by concatenating that input into the SQL text, a user can submit input that changes the query itself. Depending on what the query and the database account allow, that can mean reading, writing, modifying and deleting records, or, even worse, dropping your entire database. Validating input helps, but the reliable fix is parameterised (prepared) queries, which keep user data separate from the SQL the database executes.

Another major mistake made by unskilled developers is granting ALL privileges to the database account the application uses to connect. When creating a database account for application use, follow the least privilege model: grant only the privileges the application's functions actually need (for example, SELECT on the tables it reads, INSERT and UPDATE only on the tables it writes, and no DROP or GRANT rights). Then, if an injection does get through, the damage is limited to what that account is allowed to do. You wouldn't use a chainsaw to cut a sandwich in half, would you (it sounds cool but trust me, it ain't pretty)?
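The two mistakes above (pasting user input into SQL, and running the application with more database rights than it needs) side by side, as an added example that is not part of the original post. It uses Python's built-in sqlite3 module with a constructed two-row users table. The login functions, the `alice' --` payload and the sample rows are all assumptions made for the demo; and because SQLite has no user accounts, the GRANT-style restriction is simulated with an authorizer callback that permits only SELECT/READ on the connection, which plays the role a least-privilege account would on a real database server.

```python
import sqlite3

# Constructed sample data for the demo (not from the original post).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory users table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The newbie mistake: user input is concatenated straight into the SQL text,
    so a quote or comment marker in the input rewrites the query."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """The fix: a parameterised query. The driver hands the values to the
    database separately from the SQL text, so input can never change the
    shape of the query; a quote in the username is just a quote."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def restrict_to_read_only(conn):
    """Least privilege, SQLite style. A real server would use
    GRANT SELECT ON users TO app_user; SQLite has no accounts, so an
    authorizer callback stands in for it: only SELECT and column READ
    actions are permitted on this connection, everything else is denied."""
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}

    def authorizer(action, arg1, arg2, dbname, source):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)


def try_delete_all(conn):
    """Attempt the kind of destructive statement an injected payload aims for.
    Returns True if it ran, False if the connection's privileges blocked it
    (SQLite refuses to even compile the statement: 'not authorized')."""
    try:
        conn.execute("DELETE FROM users")
        conn.commit()
        return True
    except sqlite3.DatabaseError:
        return False


if __name__ == "__main__":
    db = make_db()
    # Attacker knows a username but not the password: the '--' comment marker
    # chops the password check off the end of the concatenated query.
    payload_user, payload_pass = "alice' --", "wrong"
    print("vulnerable login:", login_vulnerable(db, payload_user, payload_pass))
    print("safe login:      ", login_safe(db, payload_user, payload_pass))
    print("honest login:    ", login_safe(db, "alice", "s3cret"))

    print("delete with full rights ran?", try_delete_all(make_db()))
    restrict_to_read_only(db)
    print("delete with least privilege ran?", try_delete_all(db))
    print("reads still work after restriction:", login_safe(db, "bob", "hunter2"))
```

Run it and the vulnerable login returns `alice` for a wrong password while the parameterised one returns `None`; with the connection restricted, the delete fails while legitimate reads continue to work. Note that Python's sqlite3 also refuses stacked statements in `execute()`, so a `'; DROP TABLE users; --` payload is rejected here by the driver rather than by the database; many other drivers and servers do run stacked statements, which is exactly why the account's privileges are the last line of defence.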

The video below is a good starting point for anyone who wants a quick breakdown of SQL injection. Add what you learn from it to your security toolbox and keep expanding it.
