Practice free →
HomeBCA Cyber SecuritycybersecurityWeb Security — OWASP › SQL INJECTION (SQLi) is a vulnerability where an…

SQL INJECTION (SQLi) is a vulnerability where an attacker

Aguesses the database password
Binserts malicious SQL via user input
Cphysically steals the database server
DDDoSes the database
Answer & Solution
Correct answer: B. inserts malicious SQL via user input
1. SQL INJECTION: when application code builds SQL by string-concatenating user input. 2. Example: `SELECT * FROM users WHERE name = '` + userInput + `'`. If userInput = `' OR '1'='1`, the query becomes `... WHERE name = '' OR '1'='1'` — returns all rows. 3. PRIMARY MITIGATION: PARAMETERISED QUERIES (prepared statements). User input is passed as a separate parameter, never inlined into SQL string. 4. Secondary mitigations: input validation, least-privilege DB user, web application firewall (WAF). 5. Falls under A03: Injection in OWASP Top 10 2021. _Source: OWASP Top 10 2021 — A03: Injection._
Solve this in the app — BCA Cyber Security practice & 24k+ MCQs →
Related questions