Mitigating SQL Injection Attack Threats

    Since SQL injection attacks are very hard to detect, prevention is the best approach. Use these recommendations and best practices provided by US-CERT.

    Structured Query Language (SQL) injection is an attack technique that attempts to subvert the relationship between a Web page and its supporting database, typically in order to trick the database into executing malicious code. SQL injection usually involves a combination of over-elevated permissions, unsanitized/untyped user input, and/or true software (database) vulnerabilities. Since SQL injection is possible even when no traditional software vulnerabilities exist, mitigation is often much more complicated than simply applying a security patch.

    The following mitigation strategies and best practices can be used to minimize the risks associated with this attack vector. As with any system or architecture change, local administrators are best positioned to know which strategies are appropriate for their specific networks and systems.

    Included in this ZIP file are:

    • Intro Page.doc
    • Terms and Conditions.pdf
    • Mitigating SQL Injection Attack Threats.pdf