In the context of cybersecurity, what does SQL injection target?

• A. The network firewall
• B. The database management system
• C. User email addresses
• D. The web server infrastructure

Answer: (B)

SQL injection primarily targets the database management system (DBMS). This type of attack occurs when an attacker is able to manipulate a web application's SQL queries by injecting malicious SQL code. This can allow the attacker to bypass application security measures and gain unauthorized access to data stored in the database or even modify its contents.

When a web application relies on user input to build SQL queries and does not properly validate or sanitize that input, an attacker can exploit this vulnerability. For example, the attacker might insert SQL commands that can access, modify, or delete database records, compromising the integrity and confidentiality of the data.

In contrast, while network firewalls, user email addresses, and web server infrastructures can all be part of the overall security landscape, they are not the direct targets of SQL injection attacks. Instead, SQL injection specifically aims to exploit the interactions between the application and the database, making the DBMS the focal point of such vulnerabilities.