Date Added: Apr 2012
Structured Query Language (SQL) injection is one of the most devastating vulnerabilities to impact a business, as it can lead to the exposure of sensitive information stored in an application's database. SQL Injection can compromise usernames, passwords, addresses, phone numbers, and credit card details. It is the vulnerability that results when an attacker achieves the ability to influence SQL queries that an application passes to a back-end database. The attacker can often leverage the syntax and capabilities of SQL, as well as the power and flexibility of supporting database functionality and operating system functionality available to the database to compromise the web application.