Statements (32)
Predicate | Object |
---|---|
gptkbp:instanceOf |
Attack technique
Cybersecurity vulnerability |
gptkbp:affects |
Databases
|
gptkbp:can_be_tested_with |
gptkb:Burp_Suite
Manual testing SQLMap |
gptkbp:canBe |
Privilege escalation
Bypassing authentication Extracting sensitive data |
gptkbp:cause |
Unauthorized access
Data deletion Data modification Data leakage |
gptkbp:detects |
Security scanners
Web application firewalls |
gptkbp:exploits |
Improperly sanitized user input
|
gptkbp:firstDescribed |
1998
|
gptkbp:heldBy |
Common web vulnerability
|
https://www.w3.org/2000/01/rdf-schema#label |
SQL Injection
|
gptkbp:listedOn |
gptkb:OWASP_Top_10
|
gptkbp:prevention |
Input validation
Stored procedures ORM frameworks Parameterized queries |
gptkbp:relatedTo |
gptkb:Cross-site_scripting
Command injection |
gptkbp:riskFactor |
Applications lacking input sanitization
Applications with dynamic SQL Legacy applications |
gptkbp:target |
Web applications
|
gptkbp:bfsParent |
gptkb:fire
|
gptkbp:bfsLayer |
4
|