{"id":505,"date":"2022-08-06T22:53:54","date_gmt":"2022-08-06T22:53:54","guid":{"rendered":"https:\/\/securitybriefing.net\/?p=505"},"modified":"2022-08-06T22:53:54","modified_gmt":"2022-08-06T22:53:54","slug":"sql-injection-101-hvad-er-sqli-og-hvordan-man-forhindrer-angreb","status":"publish","type":"post","link":"https:\/\/securitybriefing.net\/da\/sikkerhed\/sql-injection-101-hvad-er-sqli-og-hvordan-man-forhindrer-angreb\/","title":{"rendered":"SQL Injection 101: What is SQLi and How to Prevent Attacks"},"content":{"rendered":"<h2 class=\"wp-block-heading\" id=\"what-is-sql-injection\"><strong>What Is SQL Injection<\/strong><\/h2>\n\n\n<p>SQL injection (SQLi) is a type of attack that lets criminals execute malicious SQL statements against vulnerable web applications. By bypassing the application's security measures, attackers can gain access to sensitive data such as customer information, personal data, trade secrets and more. Here we discuss SQL injection, how it works, and how you can prevent attacks.<\/p>\n\n\n\n<p>SQL injection attacks can happen on any website that uses an SQL database. This type of attack gives attackers access to your essential data. They can view consumer information, personal data, trade secrets and intellectual property. 
According to OWASP, this is one of the most serious types of attack on web applications.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"types-of-sql-injection\"><strong>Types of SQL Injection<\/strong><\/h2>\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"542\" class=\"wp-image-515\" src=\"http:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png\" alt=\"Types of SQL injection\" srcset=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png 1024w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-300x159.png 300w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-768x407.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n<h3 class=\"wp-block-heading\" id=\"inband-sqli\"><strong>In-band SQLi<\/strong><\/h3>\n\n\n<p>In-band SQL injection is an attack in which the attacker uses the same channel to send queries and receive results. In-band means that the response is obtained over the same communication medium. When the attack is carried out manually with a web browser, the attacker's goal is to get the response in the browser immediately, if possible.<\/p>\n\n\n\n<p><strong>Example of in-band SQL injection<\/strong><\/p>\n\n\n\n<p>The most common way for an attacker to perform an in-band SQL injection is to modify the request so that they can see the current user's personal information. This can be done by changing the value that is sent as part of the request. 
For example, if the statement was meant to show the user's name, the attacker could change it so that their own name is shown instead.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM users WHERE user_id LIKE 'current_user'<\/pre>\n\n\n\n<p>Error-based SQLi and union-based SQLi are the two most common forms of in-band SQL injection.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"errorbased-sqli\"><strong>Error-based SQLi<\/strong><\/h4>\n\n\n<p>An error-based SQLi technique is an in-band SQL injection method that uses the database server's error messages to discover the architecture of the database. Error-based SQL injection is the most common type of in-band SQL injection.<\/p>\n\n\n\n<p><strong>Example of error-based SQLi:<\/strong><\/p>\n\n\n\n<p>If an attacker tries to log in with the following credentials:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">username: ' OR 'a'='a\npassword: anything<\/pre>\n\n\n\n<p>The database will return an error because the statement is syntactically incorrect. The error message will reveal information about the database that the attacker can use to their advantage.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"unionbased-sqli\"><strong>Union-based SQLi:<\/strong><\/h4>\n\n\n<p>Union-based SQLi is an in-band SQL injection that obtains information from a website by using the UNION operator to combine the output of two or more SELECT statements.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"blind-sql-injection\"><strong>Blind SQL Injection<\/strong><\/h3>\n\n\n<p>Blind SQL injection is an attack in which the attacker tries to get answers from the database by asking questions that result in a true or false response. 
The attacker uses error messages to see whether the application responds differently when a particular piece of code is used.<\/p>\n\n\n\n<p>When a hacker uses SQL injection, the web application may display critical database warning messages indicating that the SQL query syntax is incorrect. Blind SQL injection works the same way as traditional SQL injection, except for how data is retrieved from the database. If the database does not give an attacker enough information to exploit it, the attacker must ask a series of questions to obtain data.<\/p>\n\n\n\n<p>Blind SQL injection is divided into boolean-based blind SQLi and time-based blind SQLi.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"booleanbased-blind-sqli\"><strong>Boolean-based Blind SQLi<\/strong><\/h4>\n\n\n<p>Boolean-based blind SQL injection is an attack in which the attacker tries to get answers from the database by asking questions that result in a true or false response. 
The attacker uses error messages to see whether the application responds differently when a particular piece of code is used.<\/p>\n\n\n\n<p>Example of boolean-based blind SQLi:<\/p>\n\n\n\n<p>If an attacker wants to find out the database type, they will use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM users WHERE user_id LIKE 'current_user' and database() like '%type%'<\/pre>\n\n\n\n<p>If the database is MySQL, the output would be something like this:<\/p>\n\n\n\n<p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and database() like '%type%'' at line<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"timebased-blind-sql-injection\"><strong>Time-based Blind SQL Injection<\/strong><\/h4>\n\n\n<p>A time-based blind attack is when an SQL command is sent to the server with code that makes queries execute more slowly.<\/p>\n\n\n\n<p>Time-based blind attacks let attackers extract data based on access time. Such an attack is known as a blind or inferential injection attack. This is a type of attack in which no data flows between the attacker and the database, and because there is no response, it is also called a blind injection attack.<\/p>\n\n\n\n<p>The response time indicates whether the answer is correct or incorrect. If the answer is negative, the intruder makes another query. This attack technique is slow because the hacker has to go through each character individually, especially when attacking massive databases.<\/p>\n\n\n\n<p><strong>Example of blind SQLi<\/strong><\/p>\n\n\n\n<p>In this example, the attacker tries to determine whether the user with id=999 exists in the database. 
To do this, they use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">IF(SUBSTRING((SELECT password FROM users WHERE user_id=999),0, LEN('secret'))='secret', SLEEP(30), 'false')<\/pre>\n\n\n\n<p>If the user with id 999 exists in the database and their password is secret, the application will sleep for 30 seconds. The application will return false if the user does not exist in the database.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"outofband-sqli\"><strong>Out-of-band SQLi<\/strong><\/h3>\n\n\n<p>Someone who wants to steal data can send SQL code to a database server in a way that is not part of the usual communication between the server and other computers. This can be done by sending information to the server through DNS or HTTP requests.<\/p>\n\n\n\n<p>The app's response will not be affected by whether data is returned, whether there is a problem with the database, or how long the query takes to execute. Out-of-band can be used in network interactions to trigger events as needed. Depending on an injected condition, these can be triggered conditionally to gain knowledge one bit at a time.<\/p>\n\n\n\n<p>Data can also leak through multiple network protocols from network interactions. The visualization represents the request sent from the web application to the app's database.<\/p>\n\n\n\n<p><strong>Example of out-of-band SQLi<\/strong><\/p>\n\n\n\n<p>In this example, the attacker tries to determine whether a particular user exists in the database. 
To do this, they use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT user_id FROM users WHERE username='$username' AND password='$password' LIMIT 0,0 UNION SELECT NULL,'' INTO OUTFILE '\/var\/opt\/databases\/$filename.php'; --<\/pre>\n\n\n\n<p>The application will return their user ID if the user exists in the database. If the user does not exist in the database, the application will create a file containing PHP code that can be used to execute system commands. The attacker can then use this file to run commands on the server.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-prevent-an-sql-injection\"><strong>How to Prevent an SQL Injection<\/strong><\/h2>\n\n\n<p>The best way to protect against SQL injection attacks is to use input validation, prepared statements and parameterized queries. Code should never use user input directly. Developers must sanitize all input, not just web form input such as login forms. Single quotes should be eliminated from any questionable code component. It is also a good idea to hide database errors on live sites to avoid revealing them inadvertently. SQL injection can yield information about a database system that attackers can use to their advantage.<\/p>\n\n\n\n<p>If you find a problem with your website, you should take it offline immediately and contact your hosting provider. They can help you determine whether your site has been compromised and what steps to take to fix the problem. 
In the meantime, make sure that all of your website's users are aware of the problem and change their passwords as soon as possible.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"prevention-tips-for-avoiding-sql-injections\"><strong>Prevention Tips for Avoiding SQL Injections<\/strong><\/h2>\n\n\n<p>There are a few ways to avoid SQL injection vulnerabilities in your programming language and database setup. These techniques can be used with most databases, such as XML. You can use these techniques to make your databases more secure.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"1-use-of-properly-constructed-stored-procedures\">1) Use of properly constructed stored procedures<\/h3>\n\n\n<p>Beginners should start by learning how to create statements with variables. This is easier than creating dynamic queries, and it is easier to understand. With parameterized queries, the developer writes all the SQL code first and supplies each parameter later. This method lets the database distinguish between code and data.<\/p>\n\n\n\n<p>Prepared statements help ensure that the intent of a query is not changed, even if someone tries to supply SQL instructions.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"2-allowlist-input-validation\">2) Allow-list Input Validation<\/h3>\n\n\n<p>SQL queries use bind variables at specific places for data. For example, if you use Python, you would use the <strong>%s<\/strong> placeholder. 
You can use a regular expression to validate user input against the allow-list of characters permitted in each bind variable.<\/p>\n\n\n\n<p>If you use JavaScript, you can use <strong>\\w<\/strong> to match alphanumeric characters and underscores.<\/p>\n\n\n\n<p>The allow-list should be as specific as possible to avoid false positives.<\/p>\n\n\n\n<p>For example, if you are looking for a US phone number, you would use the following regular expression:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">\/^\\d{11}$\/<\/pre>\n\n\n\n<p>This would match a string of 11 digits that could be a phone number. If someone tried to submit something like \u2018<strong>abcdef<\/strong>\u2019, it would not match, and the input would be invalid.<\/p>\n\n\n\n<p>This helps ensure that your data is safe and sound. If you need to use values from code rather than user parameters, that is fine too!<\/p>\n\n\n\n<p>However, if user parameter values target specific table and column names, the parameter values must be mapped to the corresponding table and column names to ensure that unvalidated user input does not end up in the query.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"3-use-whitelists\">3) Use whitelists<\/h3>\n\n\n<p>Do not filter user input based on blacklists of bad characters. Using allow-lists of good characters expected in specific fields is much more effective. This will stop SQL injection attacks before they start.<\/p>\n\n\n\n<p>For example, allow only digits and hyphens in the input field if you expect a phone number. 
If you expect an email address, allow only characters that are valid in an email address.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"4-use-the-most-uptodate-platforms\">4) Use the most up-to-date platforms<\/h3>\n\n\n<p>Older web development platforms, including older PHP, do not have SQLi protection. Use the most up-to-date edition of the programming environment, language and associated technologies available. With PHP, for example, use PDO.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"5-scan-your-web-application-regularly\">5) Scan your web application regularly<\/h3>\n\n\n<p>SQL injections can be very hard to detect. It is important to scan your web application for vulnerabilities regularly.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"6-enforcing-least-privilege\">6) Enforcing least privilege<\/h3>\n\n\n<p>The principle of least privilege is a security concept that restricts users to the minimum access they need to do their work. This includes limiting the number of accounts users have and the privileges those accounts have.<\/p>\n\n\n\n<p>Least restriction on functionality (LRF) is the practice and concept of limiting user rights, accounts and computing processes to only the resources needed for basic, acceptable tasks. This helps keep user rights or security levels minimal, which is important for people to do their work effectively.<\/p>\n\n\n\n<p>Least privilege is a security principle that requires applications, systems and gadgets to have only the permissions needed to perform a particular task. That way, the impact is limited if someone manages to exploit a vulnerability and do damage. 
This is in contrast to giving users more permissions than they need, which increases the risk of significant damage in an SQL attack.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"sql-injection-frequently-asked-questions\"><strong>SQL Injection \u2013 Frequently Asked Questions<\/strong><\/h2>\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\u00a0<\/div><\/div>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\">\n<div id=\"faq-question-1659826159348\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the most common SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">In-band SQL injection is the most common type of SQL injection attack. It occurs when an attacker can use the same communication channel to deliver the payload and gather results.<\/p>\n<\/div>\n<div id=\"faq-question-1659826187832\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the best defense against SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">The best defense against SQL injection is to use parameterized queries. This type of query uses placeholder values for parameters, which are supplied later. This method allows the database to distinguish between source code and information.<\/p>\n<\/div>\n<div id=\"faq-question-1659826216670\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">How is SQL injection detected?<\/strong>\n<p class=\"schema-faq-answer\">SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a piece of hardware or software that sits between a web application and the internet. 
It inspects traffic for malicious activity and can block SQL injection attacks.<\/p>\n<\/div>\n<div id=\"faq-question-1659826245103\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is second-order SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and then executed later. This type of attack is more difficult to achieve because the attacker must have a way to trigger the execution of the stored payload.<\/p>\n<\/div>\n<div id=\"faq-question-1659826275267\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is blind SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they must use true or false statements to infer information from the database. This type of attack is more challenging to execute but can be just as dangerous as other types of SQL injection.<\/p>\n<\/div>\n<div id=\"faq-question-1659826301781\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is a stacked query?<\/strong>\n<p class=\"schema-faq-answer\">A stacked query is a type of SQL injection where the attacker uses multiple queries to extract information from the database. This type of attack is more challenging to execute but can be very dangerous if successful.<\/p>\n<\/div>\n<div id=\"faq-question-1659826330814\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is an error-based SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Error-based SQL injection is an attack where the attacker uses database errors to infer information from the database. 
This attack is more challenging to execute but can be very dangerous if successful.<\/p>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>What is SQL injection SQL injection (SQLi) is a type of attack that allows criminals to execute malicious SQL statements against vulnerable web applications. Attackers can gain access to sensitive data such as... <a class=\"more-link\" href=\"https:\/\/securitybriefing.net\/da\/sikkerhed\/sql-injection-101-hvad-er-sqli-og-hvordan-man-forhindrer-angreb\/\">Read more <span class=\"screen-reader-text\">SQL Injection 101: What is SQLi and How to Prevent Attacks<\/span><\/a><\/p>","protected":false},"author":1,"featured_media":644,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What is SQLi and How to Prevent Attacks | securitybriefing<\/title>\n<meta name=\"description\" content=\"Learn the basics of SQL injection. what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securitybriefing.net\/da\/sikkerhed\/sql-injection-101-hvad-er-sqli-og-hvordan-man-forhindrer-angreb\/\" \/>\n<meta property=\"og:locale\" content=\"da_DK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is SQLi and How to Prevent Attacks | securitybriefing\" \/>\n<meta property=\"og:description\" content=\"Learn the basics of SQL injection. 
what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securitybriefing.net\/da\/sikkerhed\/sql-injection-101-hvad-er-sqli-og-hvordan-man-forhindrer-angreb\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Briefing\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-06T22:53:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\" \/>\n\t<meta property=\"og:image:width\" content=\"558\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Skrevet af\" \/>\n\t<meta name=\"twitter:data1\" content=\"security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimeret l\u00e6setid\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutter\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"author\":{\"name\":\"security\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81\"},\"headline\":\"SQL Injection 101: What is SQLi and How to Prevent 
Attacks\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"wordCount\":2130,\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"articleSection\":[\"Security\"],\"inLanguage\":\"da-DK\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"name\":\"What is SQLi and How to Prevent Attacks | securitybriefing\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"description\":\"Learn the basics of SQL injection. 
what is SQL injection, how does it work, and what ways to protect your site from attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\"}],\"inLanguage\":\"da-DK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"da-DK\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"width\":558,\"height\":500,\"caption\":\"sql 
injection\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securitybriefing.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Injection 101: What is SQLi and How to Prevent Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securitybriefing.net\/#website\",\"url\":\"https:\/\/securitybriefing.net\/\",\"name\":\"Security Briefing\",\"description\":\"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.\",\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securitybriefing.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"da-DK\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securitybriefing.net\/#organization\",\"name\":\"Security Briefing\",\"url\":\"https:\/\/securitybriefing.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"da-DK\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"width\":256,\"height\":70,\"caption\":\"Security 
Briefing\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81\",\"name\":\"security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"da-DK\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"caption\":\"security\"},\"description\":\"admin is a senior staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She\u2019s based outside Boston.\",\"sameAs\":[\"http:\/\/securitybriefing.net\"],\"url\":\"https:\/\/securitybriefing.net\/da\/author\/security\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"position\":1,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"name\":\"What is the most common SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"In-band SQL injection is the most common type of SQL injection attack. 
It occurs when an attacker can use the same communication channel to deliver the payload and gather results.\",\"inLanguage\":\"da-DK\"},\"inLanguage\":\"da-DK\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"position\":2,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"name\":\"What is the best defense of SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The best defense against SQL injection is to use parameterized queries. This type of query uses placeholder values for parameters, which are supplied at a later date. This method allows the database to identify between source code and information.\",\"inLanguage\":\"da-DK\"},\"inLanguage\":\"da-DK\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"position\":3,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"name\":\"How is SQL injection detected?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a piece of hardware or software that sits between a web application and the internet. 
It inspects traffic for malicious activity and can block SQL injection attacks.\",\"inLanguage\":\"da-DK\"},\"inLanguage\":\"da-DK\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"position\":4,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"name\":\"What is second-order SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and then later executed. This type of attack is more difficult to achieve because the attacker must have a way to trigger the execution of the stored payload.\",\"inLanguage\":\"da-DK\"},\"inLanguage\":\"da-DK\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"position\":5,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"name\":\"What is blind SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they must use true or false statements to infer information from the database. 
This type of attack is more challenging to execute but can be just as dangerous as other types of SQL injection.\",\"inLanguage\":\"da-DK\"},\"inLanguage\":\"da-DK\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"position\":6,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"name\":\"What is a stacked query?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A stacked query is a type of SQL injection where the attacker uses multiple queries to extract information from the database. This type of attack is more challenging to execute but can be very dangerous if successful.\",\"inLanguage\":\"da-DK\"},\"inLanguage\":\"da-DK\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"position\":7,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"name\":\"What is an error-based SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Error-based SQL injection is an attack where the attacker uses database errors to infer information from the database. This attack is more challenging to execute but can be very dangerous if successful.\",\"inLanguage\":\"da-DK\"},\"inLanguage\":\"da-DK\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hvad er SQLi og hvordan man forhindrer angreb | sikkerhedsbriefing","description":"L\u00e6r det grundl\u00e6ggende om SQL-injektion. 
hvad er SQL-injektion, hvordan fungerer det, og hvilke m\u00e5der at beskytte din side mod angreb.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securitybriefing.net\/da\/sikkerhed\/sql-injection-101-hvad-er-sqli-og-hvordan-man-forhindrer-angreb\/","og_locale":"da_DK","og_type":"article","og_title":"What is SQLi and How to Prevent Attacks | securitybriefing","og_description":"Learn the basics of SQL injection. what is SQL injection, how does it work, and what ways to protect your site from attacks.","og_url":"https:\/\/securitybriefing.net\/da\/sikkerhed\/sql-injection-101-hvad-er-sqli-og-hvordan-man-forhindrer-angreb\/","og_site_name":"Security Briefing","article_published_time":"2022-08-06T22:53:54+00:00","og_image":[{"width":558,"height":500,"url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","type":"image\/png"}],"author":"security","twitter_card":"summary_large_image","twitter_misc":{"Skrevet af":"security","Estimeret l\u00e6setid":"11 minutter"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#article","isPartOf":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"},"author":{"name":"security","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81"},"headline":"SQL Injection 101: What is SQLi and How to Prevent 
Attacks","datePublished":"2022-08-06T22:53:54+00:00","mainEntityOfPage":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"},"wordCount":2130,"publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"image":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","articleSection":["Security"],"inLanguage":"da-DK"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/","url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/","name":"Hvad er SQLi og hvordan man forhindrer angreb | sikkerhedsbriefing","isPartOf":{"@id":"https:\/\/securitybriefing.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"image":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","datePublished":"2022-08-06T22:53:54+00:00","description":"L\u00e6r det grundl\u00e6ggende om SQL-injektion. 
hvad er SQL-injektion, hvordan fungerer det, og hvilke m\u00e5der at beskytte din side mod angreb.","breadcrumb":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814"}],"inLanguage":"da-DK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"da-DK","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","width":558,"height":500,"caption":"sql 
injection"},{"@type":"BreadcrumbList","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securitybriefing.net\/"},{"@type":"ListItem","position":2,"name":"SQL Injection 101: What is SQLi and How to Prevent Attacks"}]},{"@type":"WebSite","@id":"https:\/\/securitybriefing.net\/#website","url":"https:\/\/securitybriefing.net\/","name":"Sikkerhedsbriefing","description":"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.","publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securitybriefing.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"da-DK"},{"@type":"Organization","@id":"https:\/\/securitybriefing.net\/#organization","name":"Sikkerhedsbriefing","url":"https:\/\/securitybriefing.net\/","logo":{"@type":"ImageObject","inLanguage":"da-DK","@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","width":256,"height":70,"caption":"Security 
Briefing"},"image":{"@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81","name":"sikkerhed","image":{"@type":"ImageObject","inLanguage":"da-DK","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g","caption":"security"},"description":"admin er seniorskribent for Government Technology. Hun har tidligere skrevet for PYMNTS og The Bay State Banner og har en BA i kreativ skrivning fra Carnegie Mellon. Hun bor uden for Boston.","sameAs":["http:\/\/securitybriefing.net"],"url":"https:\/\/securitybriefing.net\/da\/author\/security\/"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348","position":1,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348","name":"Hvad er den mest almindelige SQL-injektion?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"In-band SQL injection is the most common type of SQL injection attack. 
It occurs when an attacker can use the same communication channel to deliver the payload and gather results.","inLanguage":"da-DK"},"inLanguage":"da-DK"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832","position":2,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832","name":"Hvad er det bedste forsvar mod SQL-injektion?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"The best defense against SQL injection is to use parameterized queries. This type of query uses placeholder values for parameters, which are supplied at a later date. This method allows the database to identify between source code and information.","inLanguage":"da-DK"},"inLanguage":"da-DK"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670","position":3,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670","name":"Hvordan opdages SQL-injektion?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a piece of hardware or software that sits between a web application and the internet. 
It inspects traffic for malicious activity and can block SQL injection attacks.","inLanguage":"da-DK"},"inLanguage":"da-DK"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103","position":4,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103","name":"Hvad er andenordens SQL-injektion?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and then later executed. This type of attack is more difficult to achieve because the attacker must have a way to trigger the execution of the stored payload.","inLanguage":"da-DK"},"inLanguage":"da-DK"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267","position":5,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267","name":"Hvad er blind SQL-injektion?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they must use true or false statements to infer information from the database. 
This type of attack is more challenging to execute but can be just as dangerous as other types of SQL injection.","inLanguage":"da-DK"},"inLanguage":"da-DK"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781","position":6,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781","name":"Hvad er en stablet foresp\u00f8rgsel?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"A stacked query is a type of SQL injection where the attacker uses multiple queries to extract information from the database. This type of attack is more challenging to execute but can be very dangerous if successful.","inLanguage":"da-DK"},"inLanguage":"da-DK"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814","position":7,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814","name":"Hvad er en fejlbaseret SQL-injektion?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Error-based SQL injection is an attack where the attacker uses database errors to infer information from the database. 
This attack is more challenging to execute but can be very dangerous if successful.","inLanguage":"da-DK"},"inLanguage":"da-DK"}]}},"_links":{"self":[{"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/posts\/505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/comments?post=505"}],"version-history":[{"count":0,"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/posts\/505\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/media\/644"}],"wp:attachment":[{"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/media?parent=505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/categories?post=505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitybriefing.net\/da\/wp-json\/wp\/v2\/tags?post=505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}