Why isn’t input validation always done if it can mitigate the #1 cyber-attack vector? Whose “job” is it?

That is “done by escalating privileges to become an internal user of the system”. An attacker can log on to a system with administrative privileges to enable access to the system without using a valid user name and password. In this case, the attacker gains unauthorized access to sensitive information and performs information disclosure, compromises data integrity, and performs authentication bypass. In addition, an attacker can exploit vulnerabilities in the application to gain access to inside information.

Other forms of SQL injection attacks that can be performed to gain access to insider information include the Blind and Second-Order Injection to perform reconnaissance, modify the database contents, gather sensitive information, and collect authentication credentials. It is also important to perform SQL injection errors so that if a website returns error messages in response to the SQL injection attack, it is flagged as a vulnerable site and can be attacked.

Answer by Academic.tip's expert
An answer to this question is provided by one of our experts who specializes in technology & it. Let us know how much you liked it and give it a rating.

Cite this page

Select a citation style:

References

Academic.Tips. (2022) 'Why isn’t input validation always done if it can mitigate the #1 cyber-attack vector? Whose “job” is it'. 30 July.

Reference

Academic.Tips. (2022, July 30). Why isn’t input validation always done if it can mitigate the #1 cyber-attack vector? Whose “job” is it? https://academic.tips/question/why-isnt-input-validation-always-done-if-it-can-mitigate-the-1-cyber-attack-vector-whose-job-is-it/

References

Academic.Tips. 2022. "Why isn’t input validation always done if it can mitigate the #1 cyber-attack vector? Whose “job” is it?" July 30, 2022. https://academic.tips/question/why-isnt-input-validation-always-done-if-it-can-mitigate-the-1-cyber-attack-vector-whose-job-is-it/.

1. Academic.Tips. "Why isn’t input validation always done if it can mitigate the #1 cyber-attack vector? Whose “job” is it?" July 30, 2022. https://academic.tips/question/why-isnt-input-validation-always-done-if-it-can-mitigate-the-1-cyber-attack-vector-whose-job-is-it/.


Bibliography


Academic.Tips. "Why isn’t input validation always done if it can mitigate the #1 cyber-attack vector? Whose “job” is it?" July 30, 2022. https://academic.tips/question/why-isnt-input-validation-always-done-if-it-can-mitigate-the-1-cyber-attack-vector-whose-job-is-it/.

Work Cited

"Why isn’t input validation always done if it can mitigate the #1 cyber-attack vector? Whose “job” is it?" Academic.Tips, 30 July 2022, academic.tips/question/why-isnt-input-validation-always-done-if-it-can-mitigate-the-1-cyber-attack-vector-whose-job-is-it/.

Copy