SQL Injection
A code injection technique that exploits vulnerabilities in a web application's database layer by inserting malicious SQL statements into input fields or URL parameters. Successful attacks can extract, modify, or delete database contents, bypass authentication, or execute operating system commands. Types include in-band (UNION-based, error-based), blind (boolean-based, time-based), and out-of-band SQL injection. Prevention requires parameterized queries (prepared statements), input validation, stored procedures, and web application firewalls (WAFs). SQL injection is consistently ranked in the OWASP Top 10 and is heavily tested in CEH, OSCP, and web security certifications.
Why It Matters
In practice, SQL injection is critical because it can grant attackers complete access to an application's database, exposing millions of user records, financial data, and authentication credentials in a single attack. Organizations that fail to use parameterized queries face full database compromise, with attackers able to read, modify, or delete any data and potentially pivot to the underlying operating system through extended stored procedures. Despite being well understood for over two decades, SQL injection remains prevalent due to legacy code, ORM misuse, and developer oversight. The Heartland Payment Systems breach exposed 130 million credit card numbers through SQL injection. On certification exams such as CEH, OSCP, and Security+, expect questions about crafting and identifying SQL injection payloads, understanding UNION-based versus blind injection techniques, implementing parameterized queries in different programming languages, and configuring WAF rules to detect injection attempts.
Practice this topic
Test your knowledge of SQL Injection concepts with exam-style practice questions.
Related Threats & Attacks terms
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems, encompassing a broad category of threats including viruses, worms, trojans, ransomware, spyware, adware, and rootkits. Malware can be delivered through phishing emails, malicious downloads, drive-by downloads, USB drives, or supply chain attacks. Defense strategies include endpoint protection (antivirus/EDR), application whitelisting, user awareness training, and keeping software patched. Malware analysis (static and dynamic) is a specialized skill used in incident response and threat intelligence. Malware types and defenses are fundamental topics in Security+, CEH, and CySA+ certifications.
Ransomware
A type of malware that encrypts a victim's files or locks system access and demands a ransom payment (typically in cryptocurrency) for the decryption key. Modern ransomware attacks often involve double extortion — encrypting data and threatening to leak it publicly. Ransomware-as-a-Service (RaaS) has lowered the barrier for attackers, with groups like LockBit, BlackCat, and Cl0p operating affiliate programs. Prevention includes offline backups, network segmentation, email filtering, endpoint detection, and patch management. Ransomware incident response is a critical topic in CISSP, CySA+, and incident response certifications.
Phishing
A social engineering attack that uses fraudulent emails, text messages (smishing), or phone calls (vishing) to trick users into revealing sensitive information like credentials, financial data, or installing malware. Phishing is the most common initial attack vector, responsible for over 80% of reported security incidents. Variants include spear phishing (targeted), whaling (targeting executives), and business email compromise (BEC). Defenses include email authentication (SPF, DKIM, DMARC), security awareness training, URL filtering, and multi-factor authentication. Phishing recognition is tested in Security+, CEH, and every major cybersecurity certification.
Cross-Site Scripting (XSS)
A web security vulnerability that allows attackers to inject malicious client-side scripts (usually JavaScript) into web pages viewed by other users, potentially stealing session cookies, credentials, or performing actions on behalf of victims. Three main types exist: Stored XSS (persisted in the database), Reflected XSS (included in the server response from user input), and DOM-based XSS (executed entirely in the browser). Prevention includes output encoding, Content Security Policy (CSP) headers, input validation, and using modern frameworks with built-in XSS protection. XSS is a persistent OWASP Top 10 vulnerability and a core topic in CEH, OSCP, and web application security exams.
DDoS (Distributed Denial of Service)
An attack that overwhelms a target system, service, or network with a flood of traffic from multiple distributed sources (often a botnet), making it unavailable to legitimate users. DDoS attacks operate at different layers: volumetric (bandwidth flooding), protocol (SYN floods, Ping of Death), and application layer (HTTP floods, Slowloris). Mitigation strategies include CDN-based protection (Cloudflare, AWS Shield), rate limiting, traffic scrubbing centers, and anycast routing. DDoS attacks can cause significant financial damage through downtime and are a common threat assessed in Security+, CEH, and CISSP certifications.
Man-in-the-Middle (MITM)
An attack where the attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly with each other. Common techniques include ARP spoofing, DNS spoofing, SSL stripping, and rogue Wi-Fi access points. The attacker can eavesdrop on sensitive data, modify transactions, or inject malicious content. Defenses include HTTPS/TLS with certificate pinning, HSTS headers, VPNs, and mutual authentication. MITM attacks are demonstrated extensively in CEH and OSCP practical labs and tested in Security+ and CISSP exams.