Security+ · 2.0 Threats
SQL injection (SQLi)
A vulnerability where user input is concatenated into a SQL query, letting the attacker change query semantics. Classic: `' OR 1=1 --` as a password to log in without one.
How this shows up at NCAE
The competition web app will often have a SQLi-vulnerable login. Red team uses it to bypass auth and dump the users table. Defense: parameterized queries, not string concatenation.