PrepAway - Latest Free Exam Questions & Answers

What is the BEST definition of SQL injection?

A. SQL injection is a database problem.

B. SQL injection is a web server problem.

C. SQL injection is a Windows and Linux website problem that could be corrected by applying a website vendor's patch.

D. SQL injection is an input validation problem.

Explanation:
SQL injection is an attack in which, instead of valid input, the attacker puts actual database commands into the input fields,
which are then parsed and run by the application. Attackers can use SQL (Structured Query Language) statements
to bypass authentication and reveal all records in a database.
Incorrect Answers:
A: It is true that there is a database underlying the SQL injection attack, but SQL injection is only possible if the input is not properly validated.
B: SQL injection exploits lack of proper input validation. It does not exploit a web server directly.
C: SQL injection exploits lack of proper input validation. It does not exploit a web server directly.

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
p. 1163

