Which of the following practices makes web applications vulnerable to SQL injection attacks?
A. Use the most restrictive SQL account types for applications
B. Never build Transact SQL statements directly from user input
C. Avoid constructing dynamic SQL with concatenated input values
D. Accept entries that contain binary data, escape sequences, and comment characters

Answer: C

Explanation:

SQL Injection (SQLi) is a prevalent vulnerability in web applications that occurs when an attacker can insert or manipulate SQL queries using untrusted user input. It arises when an application constructs dynamic SQL statements that include user-provided data without proper validation or sanitization. When applications concatenate user input values directly into SQL queries, they become susceptible to SQLi, as attackers can craft input that alters the intended SQL command structure, leading to unauthorized access or manipulation of the database.

To mitigate SQL injection risks, it’s crucial to avoid creating dynamic SQL queries by concatenating input values. Instead, best practices such as using prepared statements with parameterized queries, employing stored procedures, and implementing proper input validation and sanitization should be followed. These measures help ensure that user input is treated as data rather than part of the SQL code, thus preserving the integrity of the SQL statement and preventing injection attacks.

SQL Injection (SQLi): This common web application vulnerability arises when untrusted user input is directly used to construct SQL queries. Attackers can manipulate the input to alter the structure of the query, leading to data exposure, modification, or even deletion.

Dynamic SQL and Concatenation: Dynamically constructing SQL statements by concatenating user input is highly dangerous. Consider this example, in which the application inserts userInput into the query string:

"SELECT * FROM users WHERE username = '" + userInput + "';"

An attacker can provide input like ' OR '1'='1' -- resulting in this query:

SELECT * FROM users WHERE username = '' OR '1'='1' -- ';

The WHERE clause of this query is always true because of the OR condition, and the comment marker (--) discards the rest of the statement, effectively bypassing authentication.
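The concatenated query above next to a parameterized one, as an added example that is not part of the original page. It assumes Python's built-in sqlite3 module and a constructed users table (the function names and sample rows are illustrative), rather than the Transact-SQL setting the question mentions.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory SQLite database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("o'brien", "user")])
    return conn

def find_user_concatenated(conn, user_input):
    # Vulnerable pattern from the text: the input becomes part of the SQL text,
    # so quotes and comment markers in it change the statement's structure.
    query = "SELECT username FROM users WHERE username = '" + user_input + "';"
    return [row[0] for row in conn.execute(query)]

def find_user_parameterized(conn, user_input):
    # Hardened pattern: the statement text is fixed and the input is bound
    # as a value, so it is only ever compared against the username column.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (user_input,))]

def compare(user_input):
    # Run both lookups on a fresh database and report rows or the error type.
    conn = make_db()
    results = {}
    for name, fn in (("concatenated", find_user_concatenated),
                     ("parameterized", find_user_parameterized)):
        try:
            results[name] = sorted(fn(conn, user_input))
        except sqlite3.Error as exc:
            results[name] = type(exc).__name__
    conn.close()
    return results

if __name__ == "__main__":
    # A normal name, the input quoted in the text, and a legitimate name
    # that happens to contain a single quote.
    for value in ("alice", "' OR '1'='1' --", "o'brien"):
        print(repr(value), compare(value))
```

The third input shows that concatenation also fails on legitimate data: a name containing a single quote produces a syntax error, while the bound parameter handles it correctly.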
