Security Researcher Interview Questions and Answers

SQL injection is a type of cyber attack where malicious SQL code is inserted into input fields to manipulate a database.

• SQL injection occurs when an attacker inserts malicious SQL code into input fields on a website.

• This code can be used to access, modify, or delete data from the database.

• SQL injection can be prevented by using parameterized queries and input validation.

• Example: Entering ' OR '1'='1' into a login form to bypass authentication.

Types of SQL injection include in-band, inferential, and out-of-band.

• In-band SQL injection: data is extracted using the same channel that is used to inject the SQL code (e.g. error-based or union-based)

• Inferential SQL injection: no data is directly transferred through the web application, but the attacker is able to infer the result of a query based on the application's response

• Out-of-band SQL injection: data is sent to an attacker-controlled server using a different channel ...read more