
What is SQL Injection?

An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.

SQL injection occurs when user input is concatenated directly into a query string, so the database parses the input as SQL syntax rather than treating it as data. An attacker who enters ' OR 1=1 -- as a username turns a login check into a condition that is always true (the -- comments out the rest of the query), bypassing authentication; the same technique, with different payloads, reads or modifies data the application never meant to expose.

Prevention methods include parameterized queries (prepared statements), which bind user input as values rather than splicing it into SQL text; input validation as defense in depth; least-privilege database accounts, which limit what a successful injection can reach; and ORM usage, with the caveat that an ORM's raw-query escape hatch is just as injectable as a hand-built string. Injection remains one of the OWASP Top 10 categories and can lead to complete database compromise.
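The following Python example is added here to show the vulnerable pattern beside the parameterized fix; it is not part of the original glossary entry. It uses an in-memory SQLite database with a constructed users table (schema, sample user and plaintext password are assumptions for the demonstration only; a real application stores password hashes) and runs the ' OR 1=1 -- payload against both versions of the login check.

```python
import sqlite3


def make_db():
    # Constructed sample database: one user, plaintext password kept only
    # to keep the example short (not a recommendation).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('alice', 'correct horse battery staple')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # String concatenation: the user's input becomes part of the SQL grammar.
    # With username = "' OR 1=1 --" the query becomes
    #   SELECT username FROM users WHERE username = '' OR 1=1 --' AND password = '...'
    # and the WHERE clause is always true.
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    # Parameterized query: the ? placeholders are bound as values by the
    # driver, so the payload is compared literally as a username string.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run the classic payload against both login checks and return the results."""
    conn = make_db()
    payload = "' OR 1=1 --"
    legit_pw = "correct horse battery staple"
    return {
        "vuln_legit": login_vulnerable(conn, "alice", legit_pw),   # 'alice'
        "vuln_attack": login_vulnerable(conn, payload, "anything"),  # 'alice': bypass
        "safe_legit": login_safe(conn, "alice", legit_pw),           # 'alice'
        "safe_attack": login_safe(conn, payload, "anything"),        # None: rejected
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The vulnerable check returns a user for the payload without any valid credentials; the parameterized check returns nothing because the payload is matched as a literal username. Validation and a least-privilege database account are still worth adding, but only the parameterization removes the injection itself.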

Related Terms

Content Security Policy (CSP)
An HTTP security header that controls which resources a browser is allowed to load for a web page, mitigating XSS and data injection.
Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.
RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
Certificate Pinning
A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.