
2021-9-12

# Dotnet WebAPI's > SQL Injection

# What is SQL injection?

A malicious attempt from an outside source to modify your database.

# What are 3 ways SQL injection can be carried out?

  • User input - data entered through a form.
  • Modification of cookies - essentially a digital poison.
  • Second-order SQL injection - the sneakiest. Designed to run later on.

# How can we detect and sanitize SQL injection attacks?

  • WAFs can detect and block basic SQL injection attacks
  • IDSs can be tuned to detect SQL injection attacks
  • Network-based IDSs can monitor and flag suspicious activity

# Daily Challenge

GroupMe

Last update: October 28, 2021 23:18
Contributors: Derek Shain