SQL Injection Attack
A form of attack on a database-driven web site in which the attacker executes unauthorized SQL commands by exploiting insecure code on an Internet-facing system. The malicious input travels inside ordinary HTTP(S) requests to a service the firewall has to allow, so the network perimeter does not stop it.
The attacks exploit vulnerabilities in web applications that build database queries from user-supplied input and send them to the backend servers where the databases are stored. SQL (Structured Query Language) is the language used to add data to a relational database and to retrieve or manipulate that data. The underlying defect is almost always string concatenation: when a form field or URL parameter is pasted directly into the query text, characters that carry meaning in SQL (a single quote, a comment marker, a semicolon) let the attacker change the structure of the query rather than just the value being searched for.
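The following is an added example, not code from the original page. It contrasts a login check that concatenates user input into the query with the same check written as a parameterized query, and shows why identifiers such as a sort column need an allow-list instead. The database is an in-memory SQLite instance with constructed sample rows; passwords are kept in plaintext only to keep the example short, which a real system would never do.

```python
import sqlite3

# Added example, not code from the original page. Uses an in-memory SQLite
# database with constructed sample rows; passwords are stored in plaintext only
# to keep the example short (a real system stores a salted hash).


def build_db() -> sqlite3.Connection:
    """Create the sample users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Deliberately insecure: the query text is built by concatenation, so
    whatever the attacker types becomes part of the SQL statement."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: values are bound separately from the SQL text, so a
    quote or comment marker in the input is compared literally, never parsed."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


# Identifiers (table and column names) cannot be bound as parameters. The only
# safe way to let the user choose a sort column is a strict allow-list.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def list_users(conn: sqlite3.Connection, sort_by: str) -> list:
    """Return usernames sorted by an allow-listed column."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    rows = conn.execute(f"SELECT username FROM users ORDER BY {sort_by}").fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = build_db()
    # Comment-out attack: the trailing "--" turns the password check into a comment.
    payload = "alice' --"
    print("vulnerable:", login_vulnerable(conn, payload, "wrong"))  # ('alice', 'admin')
    print("safe:      ", login_safe(conn, payload, "wrong"))        # None
    print("safe, real:", login_safe(conn, "bob", "hunter2"))        # ('bob', 'user')
```

With the payload `alice' --` the concatenated statement becomes `... WHERE username = 'alice' --' AND password = 'wrong'`, and SQLite treats everything after `--` as a comment, so the password clause disappears and the admin row comes back. The parameterized version sends the same string as a bound value, the quote and comment marker are compared as characters of a username, and no row matches.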
The number of SQL injection attacks reported by one vendor increased by roughly two-thirds between the first and second quarters of 2012.
According to secure cloud hosting company FireHost, its users were protected from a total of 17 million cyber attacks between April and June 2012. It also claimed a 69 per cent increase in SQL injection attacks between Q1 and Q2, from 277,770 blocked attacks to 469,983.
SQL Injection Prevention
No single mechanism offers complete SQL injection protection on its own. Parameterized queries remove the root cause at the code level, but a viable defense has to assume that some vulnerable code will still reach production, so it requires a defense-in-depth strategy. This includes the following:
Deploy Continuous Monitoring: log database queries, errors and failed logins, and alert on anomalies such as a burst of syntax errors from one client or a query shape the application never issues.
Enforce Coding Best Practices: build every query with parameterized statements (prepared statements or a parameterized ORM API); where a value cannot be bound, such as a column name in ORDER BY, validate it against a strict allow-list before using it.
Baseline Database Infrastructure: record the expected configuration, accounts, privileges and schema so that unauthorized changes stand out against the baseline.
Disable Unnecessary Database Capabilities: turn off extended features an injection can abuse, such as operating-system command execution and file read/write procedures, and remove sample databases and unused accounts.
Enforce Least Privileges: give the application a database account limited to the tables and operations it actually needs, and never let it connect as the database administrator; a successful injection is then bounded by that account's rights.
Apply Patches Regularly: keep the DBMS, database drivers, application framework and web server current.
Conduct Penetration Testing: test the application with automated scanners and manual injection attempts, and repeat after each significant change.
Deploy Perimeter Security and Keep Signature Files Updated: a web application firewall or IDS with current signatures blocks known payloads, but attackers encode and obfuscate around signatures, so treat it as a backstop rather than the primary control.
Suppress Error Messages: return a generic error to the client and log the detailed database error server-side; verbose errors reveal the query structure and make error-based extraction straightforward.
Enforce Password Policies: use strong, unique credentials for database accounts and rotate them, so that credentials exposed through an injection are not reusable against other systems.
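The monitoring and perimeter-signature items above both depend on recognising injection attempts in traffic. The following is an added example, not code from the original page or from any vendor named on it: it scans constructed web access-log lines, normalises the query string (URL-decoding, case-folding, stripping inline comments that attackers use to split keywords) and then applies a small set of indicator patterns. The log format, the indicator list and the sample lines are all assumptions made for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in a shortened Apache combined format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jun/2012:10:01:02 +0000] "GET /products?id=42 HTTP/1.1" 200 1532
203.0.113.5 - - [12/Jun/2012:10:01:09 +0000] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211
198.51.100.7 - - [12/Jun/2012:10:02:15 +0000] "GET /products?id=42%20UNION%2F%2A%2A%2FSELECT%20username,password%20FROM%20users HTTP/1.1" 500 0
198.51.100.7 - - [12/Jun/2012:10:03:40 +0000] "GET /search?q=o%27reilly HTTP/1.1" 200 910
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicator patterns, applied to the normalised (decoded, lower-cased) query string.
# This is a small illustrative set, not a complete signature database.
INDICATORS = {
    "tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    "union_select": re.compile(r"\bunion\b.*\bselect\b"),
    "comment_terminator": re.compile(r"(--|#|/\*)\s*$"),
    "stacked_query": re.compile(r";\s*(drop|insert|update|delete|exec)\b"),
    "time_based": re.compile(r"\b(sleep|benchmark|waitfor)\b"),
}


def normalize(raw_query: str) -> str:
    """Undo the encodings an attacker uses to slip past naive string matching."""
    s = unquote_plus(raw_query)
    s = unquote_plus(s)  # second pass catches double-encoded payloads
    s = s.lower()
    s = re.sub(r"/\*.*?\*/", " ", s)  # inline comments used to split keywords (UNION/**/SELECT)
    s = re.sub(r"\s+", " ", s)
    return s


def scan_line(line: str):
    """Parse one log line; return None if it does not parse or carries no query string."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    if "?" not in path:
        return None  # only the query string carries user-controlled parameters here
    query = normalize(path.split("?", 1)[1])
    hits = [name for name, pat in INDICATORS.items() if pat.search(query)]
    return {"ip": m.group("ip"), "status": int(m.group("status")), "query": query, "hits": hits}


def scan_log(text: str) -> list:
    """Return one alert record per line that triggered at least one indicator."""
    alerts = []
    for line in text.splitlines():
        rec = scan_line(line)
        if rec and rec["hits"]:
            alerts.append(rec)
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ip"], alert["status"], alert["hits"], alert["query"])
```

Two things are worth noting from the sample: the UNION line comes back with a 500 status, which is the kind of error spike continuous monitoring should correlate with the request that caused it, and the `o'reilly` search is not flagged even though it contains a quote, because the indicators look for SQL structure rather than individual characters. The normalisation step defeats the `/**/` and URL-encoding tricks shown, but it is still pattern matching; an attacker who knows the patterns can write around them, which is why this belongs in the monitoring and perimeter layers and not in place of parameterized queries.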