CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-89
CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
Description
SQL injection is very widespread on the Internet. It is also a very well documented attack, and it is easy to find tools that automate it without having to know exactly how it works.
An SQL injection consists of sending arbitrary SQL code through form inputs to modify the normal behaviour of the application's database queries. Attackers use it to bypass authentication, chain SQL queries to steal data, erase data from the database, ...
Risk measurement
| Measure | Rating |
|---|---|
| Weakness Prevalence | High |
| Remediation Cost | Low |
| Attack Frequency | Often |
| Consequences | Data loss, Security bypass |
| Ease of Detection | Easy |
| Attacker Awareness | High |