What type of attack is SQL injection classified as?

SQL injection is classified as an application layer attack targeting databases because it specifically exploits vulnerabilities in web applications that communicate with databases. In this type of attack, an attacker injects malicious SQL statements into an entry field for execution (for example, through a web form), allowing them to manipulate the database in unintended ways. This can lead to unauthorized access to sensitive data, data corruption, or even the destruction of data.

By targeting the application layer, SQL injection takes advantage of how applications handle user input and interact with database systems. Proper input validation and parameterized queries are essential defenses against such attacks, reinforcing that SQL injection is fundamentally about exploiting application-level weaknesses, hence its classification as an application layer attack.