Last Modified: 2025-07-07 12:28:23Z
SQL Injection (SQLi for short) is a technique for running arbitrary SQL code. Most attacks target backend servers and their databases, but it can happen in any program that uses a database.
1. References
- OWASP Top 10:2021 - Injection: Several injection techniques, including Command Injection and XSS, were merged into this category.
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-564: SQL Injection: Hibernate
  Note: Hibernate is an ORM tool for Java and JSP.
- Research on Countermeasure of SQL Injection Attack, Sunghyuck Hong, 2019
1.1. Special Reports from EQST team, SK Shielders
The EQST team, a research team at SK Shielders, has released high-quality reports on SQL Injection. All reports are written in Korean.