Answer Posted / sachin
"An attack technique used to exploit web sites by altering
backend SQL statements through manipulating application
input."
SQL Injection happens when a developer accepts user input
that is directly placed into a SQL Statement and doesn't
properly filter out dangerous characters. This can allow an
attacker to not only steal data from your database, but
also modify and delete it. Certain SQL Servers such as
Microsoft SQL Server contain Stored and Extended Procedures
(database server functions). If an attacker can obtain
access to these Procedures it may be possible to compromise
the entire machine. Attackers commonly insert single quotes
into a URL's query string, or into a form's input field to
test for SQL Injection. If an attacker receives an error
message like the one below there is a good chance that the
application is vulnerable to SQL Injection.
Is This Answer Correct ? | 1 Yes | 0 No |
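The single-quote check described in the answer above, shown from the developer's side as an added example that is not part of the original answer: the same lookup written with string concatenation and with a bound parameter. It uses Python's built-in SQLite rather than Microsoft SQL Server; the `users` table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data in an in-memory SQLite database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("O'Brien", "ob@example.test")],
    )
    return db


def find_user_concat(db, name):
    # Vulnerable pattern: user input is pasted into the statement text,
    # so a quote in the input changes the structure of the SQL itself.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def find_user_param(db, name):
    # Hardened pattern: the statement text is fixed and the input is bound
    # as a value, so quotes in it are only ever data.
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()


def probe(fn, db, value):
    # Report whether the input reached the SQL parser as syntax
    # ("sql_error") or was handled as plain data ("ok").
    try:
        return ("ok", fn(db, value))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))


if __name__ == "__main__":
    db = make_db()
    # A legitimate surname and a bare quote, both containing a single quote.
    for value in ("alice", "O'Brien", "'"):
        print(repr(value), "concat:", probe(find_user_concat, db, value))
        print(repr(value), "param: ", probe(find_user_param, db, value))
```

The concatenated version fails on an ordinary surname containan apostrophe, which is the same database error the answer describes; the parameterized version returns the row.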