What is SQL Injection?

An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.

SQL injection occurs when user input is directly concatenated into SQL queries without sanitization. An attacker might enter ' OR 1=1 -- as a username, bypassing authentication or extracting data.

Prevention methods include parameterized queries (prepared statements), input validation, least-privilege database accounts, and ORM usage. SQL injection remains one of the OWASP Top 10 vulnerabilities and can lead to complete database compromise.
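To make the contrast concrete, here is an added example (not from the original page) in Python using the standard sqlite3 module: a login check built by string concatenation beside the parameterized version, both run against a constructed in-memory users table with the ' OR 1=1 -- input mentioned above.

```python
import sqlite3


def make_db():
    # Constructed in-memory database with a single user (sample data, not from any real system).
    # Passwords are stored in plaintext only to keep the example short; real systems store hashes.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Vulnerable: user input is concatenated straight into the SQL text, so a quote in the
    # input ends the string literal and the rest of the input becomes part of the query.
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    # Hardened: parameterized query. The SQL text is fixed and the values travel separately,
    # so the same input is matched literally as a username and can never alter the query.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    # Returns (vulnerable_result, safe_result) for the injected username and an unknown password.
    injected = "' OR 1=1 --"
    vulnerable = login_vulnerable(make_db(), injected, "not-the-password")
    safe = login_safe(make_db(), injected, "not-the-password")
    return vulnerable, safe


if __name__ == "__main__":
    print("vulnerable login accepted injected input:", demo()[0])  # True
    print("parameterized login accepted injected input:", demo()[1])  # False
```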

Related Terms

Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
Zero Trust
A security model that requires strict identity verification for every user and device, regardless of their network location.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
Man-in-the-Middle Attack
An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.
Penetration Testing
An authorized simulated cyberattack on a system to evaluate its security defenses and identify vulnerabilities.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.