CCSK

 View Only
  • 1.  SQL Injection

    Posted Feb 04, 2021 02:18:00 PM

    Hello!

    In module 5 unit 5 of the CCSK training they mentioned SQL injection as a reason to use a NoSQL database. I was wondering, what exactly is SQL injection? Also, are there any other reasons to not use an SQL database? Alternatively, are there any preventative measures to protect against SQL injection?

    Thanks :)



    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------


  • 2.  RE: SQL Injection
    Best Answer

    CSA Instructor
    Posted Feb 05, 2021 06:10:00 AM
    Edited by Jenna Morrison Feb 09, 2021 11:19:12 AM
    The Owasp Top 10 project has an Injection section (link: https://owasp.org/www-project-top-ten/ ), which explains what injection attacks are and how to protect against them. SQL injections typically target web applications using SQL databases.  

    NoSQL databases tend to be used in distributed big data environments (where standard SQL databases are not efficient). NoSQL databases are not impacted by standard SQL injection attacks, but they can be vulnerable to other types of injections.


    ------------------------------
    Guillaume Boutisseau
    CCSK Authorized Instructor , CCSP
    ------------------------------



  • 3.  RE: SQL Injection

    Posted Feb 08, 2021 09:00:00 AM
    Interesting! Thanks for the clarification!

    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------