Statements (63)
Predicate | Object |
---|---|
gptkbp:instance_of | gptkb:CEO |
gptkbp:bfsLayer | 6 |
gptkbp:bfsParent | gptkb:CWE-200 gptkb:CWE-74 |
gptkbp:category | Security. |
gptkbp:countermeasures | Use ORM frameworks. |
gptkbp:difficulty | gptkb:High |
gptkbp:discovered_by | 1998. |
gptkbp:example | Login forms, search fields. An attacker can submit a malicious SQL query to manipulate the database. |
https://www.w3.org/2000/01/rdf-schema#label | CWE-89 |
gptkbp:impact | Allows attackers to interfere with the queries that an application makes to its database. |
gptkbp:is_described_as | A code injection technique that exploits a security vulnerability occurring in the database layer of an application. |
gptkbp:is_often_used_in | Web applications. |
gptkbp:is_protected_by | Input validation and sanitization. Use parameterized queries or prepared statements. |
gptkbp:is_referenced_in | OWASP Top Ten. |
gptkbp:is_vulnerable_to | Manipulating SQL queries. Untrusted user input. |
gptkbp:name | SQL Injection |
gptkbp:notable_event | Adobe data breach. Anthem data breach. Ashley Madison breach. British Airways data breach. Capital One breach. Capital One data breach. Cedar data breach. Centrica data breach. Cleveland Clinic data breach. Cox Communications data breach. Equifax data breach. Experian data breach. Facebook Messenger data breach. Facebook data breach. Fling data breach. Heartland Payment Systems breach. Home Depot data breach. LinkedIn data breach. MGM Resorts data breach. Marriott International data breach. Marriott data breach. MyFitnessPal data breach. Quora data breach. Reddit data breach. Scripps Health data breach. Snapchat data breach. Sony PlayStation Network breach. T-Mobile USA data breach. T-Mobile data breach. Target Corporation data breach. Target data breach. Twitter data breach. Uber data breach. Yahoo data breach. Zynga data breach. eBay data breach. |
gptkbp:related_to | gptkb:CWE-601 gptkb:CWE-74 gptkb:CWE-77 gptkb:CWE-20 |
gptkbp:supports | Any system using SQL databases. |
gptkbp:sustainability_initiatives | Educate developers on secure coding practices. |
gptkbp:type | Injection. |