Proposing SQL Statement Coverage Metrics: Difference between revisions
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 37: | Line 37: | ||
A ''SQL injection attack'' is performed when a user exploits a lack of input validation to force unintended system behavior by altering the logical structure of a SQL statement with special characters. The lack of input validation to prevent SQL injection attacks is known as a SQL injection vulnerability<sup>[2, 5, 6, 8, 9, 13-16]</sup>. Our example of this type of input validation vulnerability begins with the login form presented in Figure 3. | A ''SQL injection attack'' is performed when a user exploits a lack of input validation to force unintended system behavior by altering the logical structure of a SQL statement with special characters. The lack of input validation to prevent SQL injection attacks is known as a SQL injection vulnerability<sup>[2, 5, 6, 8, 9, 13-16]</sup>. Our example of this type of input validation vulnerability begins with the login form presented in Figure 3. | ||
<center>[[File:Sess-figure-3.png]] | <center>[[File:Sess-figure-3.png]] <br /> | ||
<br /> | |||
'''Figure 3. Example login form'''</center> | '''Figure 3. Example login form'''</center> | ||