Mitigating SQL Injection Attack Threats

Since SQL injection attacks are very hard to detect, prevention is the best approach. Use these recommendations and best practices provided by US-CERT.

388 KB | 3 files | DOC, PDF

Structured Query Language (SQL) injection is an attack technique that attempts to subvert the relationship between a Web page and its supporting database, typically in order to trick the database into executing malicious code. SQL injection usually involves a combination of over-elevated permissions, unsanitized/untyped user input, and/or true software (database) vulnerabilities. Since SQL injection is possible even when no traditional software vulnerabilities exist, mitigation is often much more complicated than simply applying a security patch.

The following mitigation strategies and best practices can be used to minimize the risks associated with this attack vector. As with any system or architecture changes, local administrators are best positioned to know which strategies are appropriate for their specific networks and systems.

Included in this ZIP file are:

  • Intro Page.doc
  • Terms and Conditions.pdf
  • Mitigating SQL Injection Attack Threats.pdf

