SQL Injection & DDOS
Lesson Instructions
Watch and follow the YouTube video. The lesson contains three parts:
Key Information and content - all you need to do here is watch and listen. We recommend you take some notes for this one!
Learning activity - there is one activity to complete. You will need to complete the fill in the blanks.
Consolidation - these are past exam questions and are for deliberate practice to check your understanding.
Task - Fill in the Blanks
Task - Exam Questions - Deliberate Practice
Mark Scheme
Question 1
malicious code entered
... into a website form
to modify the SQL statement that is executed
... resulting in unauthorised access/modification of data/deletion of data/insertion of data
Question 2
Validation on user input
... check what has been input into a box does not contain SQL statements / disallowed characters
Escaping input strings
... indicate that characters are to be ignored for processing
Penetration testing
... someone tests for vulnerabilities and reports back
Prepared statements / parameterised queries / stored procedures
... attempt to restrict what SQL can be executed
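The following is an added example, not part of the original lesson or mark scheme. It shows why the Question 1 attack works against a query built by joining strings, and how the validation and parameterised-query answers from Question 2 stop it. The `users` table, the sample row, the function names and the crafted input are all constructed for illustration.

```python
import re
import sqlite3

# Constructed form input containing quote characters and SQL keywords.
CRAFTED = "' OR '1'='1"

def make_db():
    """Build an in-memory database holding one constructed user row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concatenated(db, username, password):
    """Weak form: form input is pasted into the SQL text, so quotes in
    the input can modify the statement that is executed."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterised(db, username, password):
    """Hardened form: the SQL text is fixed and input is bound as data."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def looks_valid(username):
    """Validation: allow only letters, digits and underscore (1-20 chars)."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,20}", username) is not None

if __name__ == "__main__":
    db = make_db()
    # The crafted password turns the WHERE clause into one that is always
    # true, so the concatenated query grants access without the password.
    print("concatenated, crafted input: ",
          login_concatenated(db, "alice", CRAFTED))
    # Bound as a parameter, the same input is only a wrong password.
    print("parameterised, crafted input:",
          login_parameterised(db, "alice", CRAFTED))
    print("parameterised, real password:",
          login_parameterised(db, "alice", "correct-horse"))
    # Validation rejects the disallowed characters before any query runs.
    print("validation accepts crafted:  ", looks_valid(CRAFTED))
```

Validation alone is easy to get wrong, which is why it is used alongside parameterised queries rather than instead of them.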
Question 3
Virus
Software that replicates itself
Deletes data // fills hard drive space // slows computer
Denial of service attack
People/software make many requests for data from a webserver
Webserver cannot respond to all requests and crashes
Brute force attack
Discovers passwords/login information