SQL Injection

SQL Injection

An attack technique where an attacker tries to make an application execute unauthorised (or unintended) SQL.

For more information see:

• www.sqlsecurity.com/faq-inj.asp
• www.sqlsecurity.com/FAQs/SQLInjectionFAQ/tabid/56/Default.aspx - SQL injection FAQ.
• advanced_sql_injection.pdf - Paper dealing with different techniques of SQL injection related to Microsoft SQL Server.
• http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ - SQL injection cheet sheet.