Description: SQL Injection is probably one of the most common vulnerabilities in web applications. SQL injection becomes feasible when user input is not filtered properly and is fed "as is" into a database query. This allows an attacker to run queries of his choice against the database and hence exploit it. In this video, Brian Contos, the Chief Security Strategist at Imperva, a web application security product company, takes us through the basics of SQL injection. He uses a shopping-cart-like application called SuperVeda (unfortunately I could not find a downloadable copy of this on their website) in his demo to demonstrate how an e-commerce website can be compromised and user data stolen using SQL Injection. He also speaks about SQL Injection signature evasion techniques which can be used to evade web application Intrusion Detection Systems.
Here is a link to their blog. I especially found their glossary of web application vulnerabilities very interesting and useful. If someone from Imperva ever reads this, please do consider making the SuperVeda application open source to help the community.
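To make the "fed as is into a database query" point concrete, here is an added example (not code from the video or from Imperva's SuperVeda application): a product lookup for a constructed shopping-cart catalogue written once with string concatenation and once with a bound parameter, so the effect of a quote character in the input can be compared directly.

```python
"""Added example: the same product lookup written two ways, to show why
input concatenated into SQL text changes the query while a bound
parameter does not. The catalogue and the input are constructed here."""
import sqlite3


def make_shop_db() -> sqlite3.Connection:
    # Constructed in-memory catalogue standing in for an e-commerce database;
    # the `public` flag marks rows a customer should never see.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", 1), (2, "gadget", 1), (3, "unreleased-item", 0)],
    )
    return conn


def find_products_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Defect on purpose: the search term is pasted into the SQL text, so a
    # quote inside `name` ends the literal and the rest becomes SQL.
    sql = f"SELECT name FROM products WHERE public = 1 AND name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_products_safe(conn: sqlite3.Connection, name: str) -> list:
    # Fix: the query text is fixed and the value is bound as a parameter;
    # the driver treats the whole of `name` as data, never as SQL.
    sql = "SELECT name FROM products WHERE public = 1 AND name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed search input containing a quote, as a web form might submit.
TAMPERED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_shop_db()
    print(find_products_vulnerable(db, "widget"))  # ['widget']
    # The concatenated query now reads ... name = 'x' OR '1'='1', which is
    # true for every row, so the non-public item leaks as well.
    print(find_products_vulnerable(db, TAMPERED))
    print(find_products_safe(db, TAMPERED))        # []
```

The same comparison is a useful regression check in a test suite: the parameterised path must return no rows for the tampered input, whatever the catalogue contains.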
1. SQL Injection Basics Demonstration Part 1:
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.