Proposing SQL Statement Coverage Metrics: Difference between revisions
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 35: | Line 35: | ||
A ''SQL injection attack'' is performed when a user exploits a lack of input validation to force unintended system behavior by altering the logical structure of a SQL statement with special characters. The lack of input validation to prevent SQL injection attacks is known as a SQL injection vulnerability<sup>[2, 5, 6, 8, 9, 13-16]</sup>. Our example of this type of input validation vulnerability begins with the login form presented in Figure 3. | A ''SQL injection attack'' is performed when a user exploits a lack of input validation to force unintended system behavior by altering the logical structure of a SQL statement with special characters. The lack of input validation to prevent SQL injection attacks is known as a SQL injection vulnerability<sup>[2, 5, 6, 8, 9, 13-16]</sup>. Our example of this type of input validation vulnerability begins with the login form presented in Figure 3. | ||
[[File:Sess-figure-3.png|thumb|'''Figure 3. Example login form''']] | |||
== 9. References == | == 9. References == | ||