Six Steps to Stop SQL Injections

By Baselinemag on 2009-06-08

According to IBM ISS X-Force findings, SQL injections last year became the most common Web-based attack technique. Hackers are successful with these attacks largely due to poor coding practices. The following are six ways organizations can start to mitigate the risk from SQL injections.

Never Trust InputCoders get themselves in trouble with injection attacks when they fail to validate user input.

Six Steps to Stop SQL Injections - IT Management

Don’t use Dynamic TablesSet parameters for SQL to thwart hackers from inserting their own SQL command into your code.

Encrypt Data If attackers are successful in getting in and passwords are stored in clear text, they’ve hit the motherlode. Throw up a speedbump and encrypt.

Implement rules of least privilegeHackers love it when coders set their web applications to access the database via the admin account.

Implement Code ReviewProcesses and tools need to be implemented that check the security of code before it goes live.

Hire a pen testerWhat you don’t know CAN hurt you. Hire penetration testers to find out how vulnerable your sites really are.

Recent Slideshows

See All Slideshows

	LATEST STORIES
	- Things that Make Your CEO Nervous - 10 Ways to Work With People You Hate - How You Spend $120,000 on Coffee and Lunch - Five Terrible Excuses for Being Late to Work - DRM Moves Beyond Hollywood

Baseline Newsletters

FEATURED SPONSORED ARTICLES

Erasable E-Paper Saves Trees, Cuts Costs

Why Smart Companies Should Adopt the Lessons of Gaming

Interest in Mobile WiFi Hotspots Fuels New Solutions

A Closer Look at Public Cloud Security

View More Articles

Brought to You By

FEATURED SPONSORED VIDEOS

Security and Availability Essentials for Running Your Business in the Cloud

Cyber Security Trends and Challenges for 2012

IPv6 Integration and Migration

View More Videos

Brought to You By


		Get up and running in as quickly as 30 days with BI. Learn how today. FREE Securing Smartphones & Tablets for Dummies Book from Sophos 5 New Technologies That Will Change Enterprise IT Build an IT Infrastructure That Delivers the Future

Baseline:	Issue Index \| Contact Us \| About \| Magazine Customer Service \| Navigation Guide
Quick Links:	Project Planners \| Enterprise Resource Planning \| Network and Online Security \| Data Analysis \| Process Management \| Storage Devices\| Link to Us

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| TechDirect \| Technology White Papers \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.