From the course: Cisco CCNP Security SCOR v1.1 (350-701) Cert Prep


SQL injection

- [Instructor] We've previously mentioned SQL injection as a common type of threat against our network resources. So here I want to expand on that just a bit and take a practical look at how that happens. SQL injection is a technique used to attack a web server by entering portions of valid SQL statements in a form entry field in an attempt to get the website to pass this command into the database. This will potentially allow the attacker to see the contents of the database displayed in the browser itself. The actual vulnerability is caused by errors in the programming code. When a website or web application does not validate or filter the entry values being put into a web form before attempting to execute the entry, this is what allows for circumstances where malicious code can be run and a database compromised. Now here I'm running an instance of DVWA in Kali Linux so that we can take a look at this in action. This is a practice SQL web application that you can use for free in order…
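An added example, not part of the course transcript or its DVWA demo: the unvalidated form value described above, shown next to a parameterized and a validated lookup, in Python with an in-memory SQLite database. The `users` table, its rows, the function names and the `CRAFTED` input are all constructed for illustration.

```python
import sqlite3

# Constructed form input: a value carrying SQL syntax instead of a plain id.
CRAFTED = "1' OR '1'='1"


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT, first_name TEXT, surname TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1", "Alice", "Admin"), ("2", "Bob", "Builder"), ("3", "Carol", "Clerk")],
    )
    return db


def lookup_vulnerable(db, user_id):
    # Flawed: the form value is pasted into the SQL text, so any SQL
    # syntax it contains becomes part of the statement the database runs.
    query = "SELECT first_name, surname FROM users WHERE id = '" + user_id + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, user_id):
    # Fixed: the value is bound to a placeholder and is only ever compared
    # as data; it is never parsed as SQL.
    query = "SELECT first_name, surname FROM users WHERE id = ?"
    return db.execute(query, (user_id,)).fetchall()


def lookup_validated(db, user_id):
    # Defense in depth: reject anything that is not a short ASCII numeric id
    # before it reaches the (still parameterized) query.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 9):
        raise ValueError("id must be numeric")
    return lookup_parameterized(db, user_id)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1:        ", lookup_vulnerable(db, "1"))
    print("vulnerable, crafted:     ", lookup_vulnerable(db, CRAFTED))
    print("parameterized, crafted:  ", lookup_parameterized(db, CRAFTED))
    try:
        lookup_validated(db, CRAFTED)
    except ValueError as exc:
        print("validated, crafted:       rejected:", exc)
```

The concatenated query returns every row for the crafted value, while the parameterized query returns none because no `id` equals that literal string.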
