16-08-2017, 02:42 PM
SQL injection is a code injection technique used to attack data-driven applications, in which nefarious SQL statements are inserted into an input field for execution (for example, to dump the contents of the database to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is incorrectly filtered for string literal escape characters embedded in SQL statements, or when user input is not strongly typed and is executed unexpectedly. SQL injection is primarily known as an attack vector for websites but can be used to attack any type of SQL database.
SQL injection attacks allow attackers to spoof identities, tamper with existing data, cause repudiation problems such as voiding transactions or changing balances, disclose all of the data on the system, destroy data, or gain control of the database server. In a 2012 study, it was noted that the average web application received 4 attack campaigns per month, and retailers received twice as many attacks as other industries.
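The two weaknesses named above (input not filtered for string literal escape characters, and input not strongly typed) are easiest to see beside their fixes. The following is an added example, not part of the original post; the `accounts` table, its rows and all function names are constructed for illustration, using Python's standard `sqlite3` module.

```python
import sqlite3

# Constructed input: the quote ends the string literal early, the rest is parsed as SQL.
CRAFTED = "nobody' OR '1'='1"

def make_db():
    # In-memory database with constructed sample rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts "
               "(id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts (owner, balance) VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("carol", 75)])
    return db

def lookup_concat(db, owner):
    # Weak form: the input becomes part of the statement text itself.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, owner):
    # Hardened form: the placeholder keeps the input as data, never as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def lookup_by_id(db, raw_id):
    # Strong typing: a numeric field must parse as an integer before use,
    # and is still passed as a bound parameter.
    try:
        account_id = int(raw_id, 10)
    except (TypeError, ValueError):
        raise ValueError("account id must be an integer") from None
    sql = "SELECT owner, balance FROM accounts WHERE id = ?"
    return db.execute(sql, (account_id,)).fetchall()

def demo():
    db = make_db()
    return {
        "concat, normal input": lookup_concat(db, "alice"),
        "concat, crafted input": lookup_concat(db, CRAFTED),  # every row
        "bound, normal input": lookup_bound(db, "alice"),
        "bound, crafted input": lookup_bound(db, CRAFTED),    # no rows
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the concatenated query the crafted value returns all three accounts; with the bound parameter the same value is compared as an ordinary string and matches nothing.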