SQL Injection
SQL Injection is one of the oldest and most widely used application layer vulnerabilities used by attackers to steal valuable data from SQL based databases. Attackers leverage an SQL Injection vulnerability to bypass a web application's authentication system and to retrieve information. SQL Injection can also be used to make changes like adding, deleting, and modifying data records. The following diagram shows a 3-Tier application architecture:
The 3-Tier application has the following components:
- User Interface: User Interface (UI) is basically a user friendly way to interact with an actual application. This can be a mobile application, web UI or API method to interact with applications. A UI layer requests data from a business layer.
- Business Logic: A business logic can be considered an application layer which is responsible for handling data validation, business rules and task-specific behavior. Business rules fetch or insert data into the database layer.
- Database Layer: This...