In this chapter, you will see that exploiting buffer overflow vulnerabilities in C programs is not the only way for an attacker to take control of a running system. Rather, an attacker might exploit a different class of vulnerabilities that can arise when untrusted data is evaluated in the context of a command or query language. Here, you’ll study SQL injection vulnerabilities as an example of this class of security issues. SQL injection vulnerabilities can affect applications that use untrusted input in an SQL query made to a database back end without taking precautions to sanitize the data.
KeywordsRegular Expression Prepared Statement Bind Variable Injection Attack Credit Card Number
Unable to display preview. Download preview PDF.