Virtual Labs

Which practice is effective in preventing SQL Injection?

a: Using prepared statements Explanation

Explanation

b: Allowing direct user input in SQL queries Explanation

Explanation

c: Hardcoding all SQL queries Explanation

Explanation

d: Disabling user authentication Explanation

Explanation

What is Blind SQL Injection?

a: A technique that extracts data using visible outputs Explanation

Explanation

b: A technique that infers information based on application behavior Explanation

Explanation

c: A method to drop tables in a database Explanation

Explanation

d: A process that disables SQL queries Explanation

Explanation

Why is input validation important in SQL security?

a: To reduce query execution time Explanation

Explanation

b: To restrict unauthorized access Explanation

Explanation

c: To allow unrestricted user input Explanation

Explanation

d: To improve database indexing Explanation

Explanation

What is the purpose of using a whitelist for input validation?

a: To allow all input data without restrictions Explanation

Explanation

b: To define acceptable input values and reject the rest Explanation

Explanation

c: To automatically sanitize input without user control Explanation

Explanation

d: To log all user inputs for future analysis Explanation

Explanation

Which SQL command can be used to check for the presence of SQL Injection vulnerabilities?

a: SELECT * FROM users WHERE username = 'admin' AND password = '' OR 1=1 -- Explanation

Explanation

b: INSERT INTO users VALUES ('test', 'password'); Explanation

Explanation

c: DELETE FROM users WHERE username = 'admin'; Explanation

Explanation

d: UPDATE users SET password = 'newpassword' WHERE username = 'admin'; Explanation

Explanation

What does the '--' in an SQL Injection query represent?

a: A placeholder for user input Explanation

Explanation

b: The start of a comment in SQL Explanation

Explanation

c: An operator for equality comparison Explanation

Explanation

d: A delimiter for separating commands Explanation

Explanation

SQL injection vulnerabilities