Q: What is SQL Injection?
A: SQL Injection is a technique used to exploit vulnerabilities in web applications by injecting malicious SQL queries through unsanitized inputs.

Q: Name two types of in-band SQL injection.
A: Error-based and UNION-based SQL injection.

Q: What is the purpose of parameterized queries?
A: To prevent SQL injection by ensuring that user inputs are treated as data, not executable code.

Q: How does a blind SQL injection attack work?
A: It infers information by sending true/false queries and observing the application's behavior without returning actual data.

Q: What is an example of an SQL injection query?
A: ' OR '1'='1' -- used in a login form to bypass authentication.

Q: Why is input validation important in preventing SQL injection?
A: It ensures that user inputs do not contain malicious SQL code that can be executed by the database.

Q: What does the principle of least privilege entail?
A: Granting users the minimum level of access necessary to perform their tasks to reduce the potential impact of a security breach.

Q: What is the difference between in-band and out-of-band SQL injection?
A: In-band uses the same communication channel for attacks and retrieval, while out-of-band uses different channels.

Source: https://quizlet.com/au/928580750/module-15-sql-injection-flash-cards/?i=2hfw1u&x=1jqt