Statements (32)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
Attack technique
Cybersecurity vulnerability |
| gptkbp:affects |
Databases
|
| gptkbp:can_be_tested_with |
gptkb:Burp_Suite
Manual testing SQLMap |
| gptkbp:canBe |
Privilege escalation
Bypassing authentication Extracting sensitive data |
| gptkbp:cause |
Unauthorized access
Data deletion Data modification Data leakage |
| gptkbp:detects |
Security scanners
Web application firewalls |
| gptkbp:exploits |
Improperly sanitized user input
|
| gptkbp:firstDescribed |
1998
|
| gptkbp:heldBy |
Common web vulnerability
|
| https://www.w3.org/2000/01/rdf-schema#label |
SQL Injection
|
| gptkbp:listedOn |
gptkb:OWASP_Top_10
|
| gptkbp:prevention |
Input validation
Stored procedures ORM frameworks Parameterized queries |
| gptkbp:relatedTo |
gptkb:Cross-site_scripting
Command injection |
| gptkbp:riskFactor |
Applications lacking input sanitization
Applications with dynamic SQL Legacy applications |
| gptkbp:target |
Web applications
|
| gptkbp:bfsParent |
gptkb:fire
|
| gptkbp:bfsLayer |
4
|