Sep 20, 2013
Strategy: Anatomy of a SQL Injection Attack
Safeguarding data is one of the most important tasks of any IT organization. But 15 years after its coming-out party, SQL injection remains a threat to databases of all sizes. Attackers have the tools and motivation to go after vulnerable Web applications and use them as a gateway into a company’s database. Once inside, the level of havoc that can be wreaked ranges from stolen data to data corruption.
In any case, failure to protect against SQL injection attacks is a serious security lapse. Indeed, database designers and application developers are far from helpless — by properly sanitizing user input and taking steps such as limiting the information in error messages, IT can do its part to protect the organization from the type of data theft sure to make headlines. In this Dark Reading report, we examine how a SQL injection attack is levied and provide tips on how you can mitigate the risk of such attacks. (S7390913)