Vulnerability
Description
SQL Injection is a kind of method used by hackers to access, modify and delete the data from the database. By leveraging SQL Injection hackers will also be able to bypass authentication and access unauthorized data from databases. Potentially allowing an attacker to escalate to more damaging attacks inside the network where the application is hosted.
Recommendation
- Use of prepared statements (with parameterized queries)
- Use of stored procedures
- Whitelist input validation
- Escaping all user-supplied input
- Enforcing least privilege
- Performing whitelist input validation as a secondary defence
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
