SQL Injection is an attack methodology that targets the data residing in a database through the firewall that shields it.
It attempts to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database.
Database footprinting is the process of mapping out the tables on the database and is a crucial tool in the hands of an attacker.
Exploits occur due to coding errors as well as inadequate validation checks.
Prevention involves enforcing better coding practices and database administration procedures.
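An added example, not from the original page: the Python sketch below uses the standard sqlite3 module and a constructed accounts table to show a tampered parameter altering a concatenated statement, and the same value treated as plain data once it is bound as a parameter and checked by a validation routine. The table, the function names, the sample values and the 1-32 letter format rule are all assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 120), ("bob", 75), ("carol", 310)],
    )
    return db


def lookup_concatenated(db, owner):
    """Coding error: the parameter is pasted into the statement text,
    so quote characters in it change what the database parses."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, owner):
    """Fix: the statement text is constant and the value is bound
    separately, so it is only ever compared as data."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()


def lookup_validated(db, owner):
    """Validation check layered on top of binding: reject values outside
    the expected shape (assumed here: 1-32 ASCII letters)."""
    if not (owner.isascii() and owner.isalpha() and len(owner) <= 32):
        raise ValueError("owner must be 1-32 ASCII letters")
    return lookup_parameterized(db, owner)


if __name__ == "__main__":
    db = make_db()
    tampered = "alice' OR '1'='1"  # constructed tampered parameter
    print("concatenated, normal  :", lookup_concatenated(db, "alice"))
    print("concatenated, tampered:", lookup_concatenated(db, tampered))
    print("parameterized, tampered:", lookup_parameterized(db, tampered))
```

With the concatenated query the tampered value returns every row in the table; with the bound parameter it matches no owner, and the validating wrapper rejects it before any query runs.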