In this chapter, you will see that exploiting buffer overflow vulnerabilities in C programs is not the only way for an attacker to take control of a running system. Rather, an attacker might exploit a different class of vulnerabilities that can arise when untrusted data is evaluated in the context of a command or query language. Here, you’ll study SQL injection vulnerabilities as an example of this class of security issues. SQL injection vulnerabilities can affect applications that use untrusted input in an SQL query made to a database back end without taking precautions to sanitize the data.


Keywords: Regular Expression, Prepared Statement, Bind Variable, Injection Attack, Credit Card Number
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Neil Daswani, Christoph Kern, and Anita Kesavan 2007
