Top 10 Interview Questions: SQL Injection | OWASP | Application Security

SQL Injection is one of the most identified vulnerabilities in web applications. This blog covers the top 10 interview questions and answers related to SQL injection. A1 - Injection is the topmost vulnerability listed in OWASP Top 10.

Q1. What is SQL Injection?

Ans: SQL injection is a vulnerability by which an attacker executes malicious SQL queries on the backend database by manipulating the input to the application.

Q2. Is it just ASP and SQL Server that are both platforms vulnerable?

Ans: SQL injection is the most widespread vulnerability among all platforms. Improper input validation and the use of dynamic SQL queries are the main causes of SQL injection.

Q3. Apart from username and password which variables are candidates for SQL Injection?

Ans: Any input field like credit card number, account number, etc., which extracts data from the database by using where clause are the candidates of SQL injection. In addition, to form fields, an attacker can use hidden fields and query strings for successful exploitation.

Q4. What’s the worst an attacker can do with SQL?

Ans: SQL, is a language used to create and manage databases stored in RDBMS. If SQL injection vulnerability is available in the application, the following are the possibilities:

  1.  Bypass authentication may be possible
  2.  confidentiality of data may be lost as an attacker may be able to see data on exploiting SQL injection vulnerability
  3.  an attacker can delete entries in the database
  4.  an attacker can alter data in the database

Q5. What is Blind SQL Injection?

Ans: Blind SQL Injection is a type of SQL injection where an attacker asks true and false questions to the database. Based on error messages, attackers craft more specific questions to the database to extract more information. This is a little difficult to exploit but not impossible.

Q6. How do we prevent SQL Injection in our applications?

Ans: Here are some options to prevent SQL injection:

  1. Use prepared statements to write database queries.
  2. Sometimes the use of stored procedures also helps in mitigating SQL injection.
  3. Use whitelist input validation.
  4. Provide less privilege to the database account. Don't grant rights related to creating and delete to application accounts. Avoid running DBMS as root or system.

Q7. I'm using stored procedures for authentication, am I vulnerable?

Ans: The use of stored procedures is one way to secure web applications from SQL injection attacks. By using a stored procedure, the user input is no longer used to build the query dynamically. But still, one way left for SQL injection attack is if the stored procedure took input and used the same input to build a query without validating it. However, it is difficult in the practical scenario, but not impossible.

Q8. I'm using client-side JavaScript code for checking user input. Isn't that enough?

Ans: If client-side Javascript code is checking user input, then it is not enough to mitigate SQL injection. An attacker may intercept requests in any proxy tool such as OWASP ZAP, Burpsuite, etc., and change the input of the request field.

Q9. Are Java servlets vulnerable to SQL injection?

Ans: Yes, Java servlets are also vulnerable to SQL injection if input validation is not enforced and builds SQL queries dynamically. Java servlets also have some mechanisms to mitigate SQL injection, such as Callable Statements and Prepared Statements.

Q10. Can an automated scanner discover SQL Injection?

Ans: Although security researchers work very hard to develop an automated scanner that discovers all the issues, sometimes the scanner misses some issues. So it is good practice to check SQL injection manually while doing security testing.

Miscellaneous Interview Questions

Q. List out some methods to detect SQL Injection Vulnerabilities.

Ans: Methods to identify SQL Injection vulnerability in a web application:

  • The most obvious method is to enter a single quote ' in fields and check for errors.
  • Enter Boolean conditions like "OR 1=1", "OR 4=9" etc., and identify anomalies in responses.
  • Fuzzing with SQL payloads and watching errors
  • Fuzzing with different time-based payloads and checking delays in responses

Q. Is it possible to identify SQL injection vulnerability by code review?

Ans: Yes, code review is the best way to identify this type of vulnerability.

Q. Can we examine databases by using SQL injection?

Ans: Yes, It is the most important step that helps in knowing the database used in the application. This can be done by using different queries to identify the type and version of the database software. You can use the below queries to examine the database:

Sr. No.Type of DatabaseQuery
1. PostgreSQLSELECT version()
2. OracleSELECT * FROM v$version
3.MicrosoftSELECT @@version
4.MySQLSELECT @@version

Q. Mention specific tools to identify SQL injection vulnerabilities.

Ans: sqlmap is an open source tool that may be used to identify security vulnerabilities in web applications related to SQL injection. You can also use different Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools to identify vulnerabilities related to SQL Injection.

Q. Mention some payloads related to SQL injection vulnerability.

Ans: Below is the list of some payloads that may be used to identify SQL injection vulnerability:

'
`
"
/
\
;
' or "

Q. How to test for SQL Injection vulnerabilities?

Ans: SQL Injection may be tested by using the following techniques:

  • Just submit a single quote character  ' in the text fields or in any other input parameter. If SQL specific error comes, it confirms SQL Injection vulnerberabily
  • Try different SQL payloads (including boolean 1=1, 1=2, etc.) and analyze application response
  • Try the time delay function (e.g. sleep) and analyze the application response
  • Use automated tools such as Burpsuite, sqlmap, etc. to identify vulnerabilities related to SQL injection

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

2 Responses

  1. Alex says:

    Thanks for the article! Your Q&A have been added to our resource https://www.fullstack.cafe and backlinked!

  2. resilient says:

    most of these questions came application security consultant or penatration interviewer.however I was able to answer these kind of answers.i wasn’t able to answer being asked such how do perform DOM XSS and how do you test XSS.i would be happy if you can post this kind of questions by answering.

Leave a Reply

Your email address will not be published.