SQL Injection Prevention

Attackers usually make use of SQL injection attacks in order to compromise both the confidentiality and integrity of RDBMS- (relational database management system) powered Web applications. In some cases, even their availability is compromised .

In his "Introduction to SQL Injection Attacks for Oracle Developers," Stephen Kost (2004) says,

application audits have found many web applications vulnerable to SQL injection even though well established coding standards were in place during development of many of these applications. Function-based SQL injection attacks are of most concern since these attacks do not require knowledge of the application and can be easily automated.

SQL injection is a very scary phrase. After all, it has single-handedly been responsible for putting down major government websites and thousands of personal home pages- and everything in between. (Something that has been increasingly popular after the “Techie” generation had puberty- riddled children.) Yet believe it or not, guarding against the attack is simple as a couple of lines of code.

The technique of inputting malicious data into an SQL statement, which would therefore make the vulnerability present on the database layer. Surprisingly, it seems everyone who has recently taken up learning a web development language has to try the technique out on their favourite websites. Luckily for said websites, this technique isn't at all hard to protect against.

What does it do?

Bypasses database level authentication.

Bot attacks on publicly facing web sites

Corrupts the content to be displayed in web application

Malware downloads to anyone viewing a web site using inline JavaScript, iFrames, etc., embedded in
database content

How Fidelis helps you?

We empower your web assets through Code Level Defenses AND Platform-Level Defenses using
robust and intelligent

Design Principles

Coding Practices

Database Practices

Infrastructure Support

Browse Services
Subscribe Newsletter
Home | Company | Services | Portfolio | Skills | Contact Us
Follow us on: