SQL Injection & DDOS

Lesson Instructions

Watch and follow the YouTube video, the lesson contains three parts:

  1. Key Information and content - all you need to do here is watch and listen. We recommend you take some notes for this one!

  2. Learning activity - there is one activity to complete. You will need to complete the fill in the blanks.

  3. Consolidation - these are past exam questions for deliberate practice to check your understanding.

Task - Fill in the Blanks

SQL Injection Activity

Task - Exam Questions - Deliberate Practice

Exam Questions - Web

Mark Scheme

Question 1

  • malicious code entered

  • ... into a website form

  • to modify the SQL statement that is executed

  • ... resulting in unauthorised access/modification of data/deletion of data/insertion of data

Question 2

  • Validation on user input

  • ... check that what has been input into a box does not contain SQL statements / disallowed characters

  • Escaping input strings

  • ... indicate that characters are to be ignored for processing

  • Penetration testing

  • ... someone tests for vulnerabilities and reports back

  • Prepared statements / parameterised queries / stored procedures

  • ... attempt to restrict what SQL can be executed

Question 3

  • Virus

  • Software that replicates itself

  • Deletes data // fills hard drive space // slows computer

  • Denial of service attack

  • People/software make many requests for data from a webserver

  • Webserver cannot respond to all requests and crashes

  • Brute force attack

  • Discovers passwords/login information