SQL Injection

GPTKB entity

Statements (32)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | Attack technique |
| | Cybersecurity vulnerability |
| gptkbp:affects | Databases |
| gptkbp:can_be_tested_with | gptkb:Burp_Suite |
| | Manual testing |
| | SQLMap |
| gptkbp:canBe | Privilege escalation |
| | Bypassing authentication |
| | Extracting sensitive data |
| gptkbp:cause | Unauthorized access |
| | Data deletion |
| | Data modification |
| | Data leakage |
| gptkbp:detects | Security scanners |
| | Web application firewalls |
| gptkbp:exploits | Improperly sanitized user input |
| gptkbp:firstDescribed | 1998 |
| gptkbp:heldBy | Common web vulnerability |
| https://www.w3.org/2000/01/rdf-schema#label | SQL Injection |
| gptkbp:listedOn | gptkb:OWASP_Top_10 |
| gptkbp:prevention | Input validation |
| | Stored procedures |
| | ORM frameworks |
| | Parameterized queries |
| gptkbp:relatedTo | gptkb:Cross-site_scripting |
| | Command injection |
| gptkbp:riskFactor | Applications lacking input sanitization |
| | Applications with dynamic SQL |
| | Legacy applications |
| gptkbp:target | Web applications |
| gptkbp:bfsParent | gptkb:fire |
| gptkbp:bfsLayer | 4 |