Glossary
SQL injection
An attack that slips hidden commands into a form to manipulate a site's database.
SQL injection takes advantage of a site that does not check what the user enters. By inserting commands into a field, a hacker can bypass a password, read forbidden data, or even modify or delete it. The protection lies on the development side: filtering inputs and building queries correctly.
See also
Cross-site scripting (XSS)
An attack that injects code into a site to trap other visitors via their browser.
Privilege escalation
When an attacker manages to grant themselves more rights than they had at the start.
Lateral movement
A hacker's progression from a compromised machine to others, to extend their hold on the network.
APT (advanced persistent threat)
A highly organised, well-funded attacker who settles in for the long term to spy or sabotage over time.