From the course: Secure Development, Programming, and Coding with Veracode

SQL injection

- [Kevin] Appsec tutorials, SQL Injection. About this course. SQL injection is a technique by which a hacker can alter the logic of a SQL query before it is sent to an interpreter. To get the most out of this course, if you haven't already done so, we recommend that you take our Introduction to Web Application Security course first. At the end of this course, you will understand the risks associated with SQL injection and be able to defend against instances of this flaw.

Hello, my name is Kevin Richard, and I'm a security researcher at Veracode. I'm here to demonstrate for you how a basic SQL injection flaw can be exploited. We'll be using the Verainsecure Java web application in order to show you this attack. The first thing I'll do is to come in and try to find any potential entry points to use for a SQL injection. Since this is a lab environment, I won't have to search very hard. I'll simply navigate to the SQL Injection Lab. Now, whenever I see an input field, the very first thing…
