What is SQL Injection?

An injection attack where malicious SQL statements are inserted into application input fields that are passed unsanitized to a database query, allowing attackers to manipulate query logic. Successful SQL injection can expose sensitive data, bypass authentication, modify or delete records, and in some configurations execute operating system commands. Despite being one of the oldest known web vulnerabilities, SQL injection remains widespread and consistently appears in the OWASP Top 10.

Related terms

Cross-Site Scripting (XSS) →

A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

Payload →

The component of an attack that performs the attacker's intended malicious action after a vulnerability has been triggered.

OWASP Top 10 →

A regularly updated consensus list of the ten most critical security risks to web applications, published by the Open Web Application Security Project (OWASP).

Web Application Firewall (WAF) →

A security control that monitors, filters, and blocks HTTP/HTTPS traffic between clients and a web application based on rule sets designed to detect common attack patterns.

Put this into practice

Autonomous OWASP vulnerability scanning →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.