CWE-89 SQL Injection

Role of Databases

Server state

Information in the database is expected to have ACID properties.

  • Atomicity: a transaction either completes entirely or not at all.

  • Consistency: the database is in a valid state.

  • Isolation: a transaction runs in an isolated context until its final commit.

  • Durability: after a commit, the change is persisted.

A Database Management System (DBMS) provides these properties.

  • Through a communication interface using a structured language.

Applications rely on the DBMS and keep the data model and access patterns predictable.

  • Only specific tasks (queries) are expected as part of the operational logic.

  • Access to some queries may be restricted (delete users, access data...).
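
The points above, as an added example that is not part of the original material: an application with a fixed catalogue of parameterized queries, a role restriction on one of them, and a transfer that shows atomicity through a rollback. The table, the roles and the names QUERIES, run and transfer are hypothetical, and SQLite stands in for the DBMS.

```python
import sqlite3

# Hypothetical query catalogue: the only statements the application expects to run.
# Each entry is (SQL text with placeholders, roles allowed to run it).
QUERIES = {
    "get_user": ("SELECT id, name, balance FROM users WHERE name = ?", {"user", "admin"}),
    "delete_user": ("DELETE FROM users WHERE name = ?", {"admin"}),
}

def make_db():
    """Create an in-memory database with one table and constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE,"
               " balance INTEGER CHECK (balance >= 0))")  # consistency rule
    db.executemany("INSERT INTO users (name, balance) VALUES (?, ?)",
                   [("alice", 100), ("bob", 20)])
    db.commit()
    return db

def run(db, role, name, params):
    """Run one catalogued query; parameters are bound as values, never spliced into SQL."""
    sql, allowed = QUERIES[name]  # KeyError: not one of the expected queries
    if role not in allowed:
        raise PermissionError(f"{role} may not run {name}")
    with db:  # commit on success, roll back on error
        return db.execute(sql, params).fetchall()

def transfer(db, src, dst, amount):
    """Move balance between two rows as a single transaction."""
    try:
        with db:
            db.execute("UPDATE users SET balance = balance + ? WHERE name = ?", (amount, dst))
            # If this violates the CHECK constraint, the credit above is rolled back too.
            db.execute("UPDATE users SET balance = balance - ? WHERE name = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False

if __name__ == "__main__":
    db = make_db()
    print(transfer(db, "bob", "alice", 50), run(db, "user", "get_user", ("alice",)))
```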

Data Structure

  • Data is organized in databases.

  • Databases contain tables.

  • Tables are organized in columns.

  • Tables contain rows with values.
