
IT Management: Six Steps to Stop SQL Injections



By Baselinemag on 2009-06-08

According to IBM ISS X-Force findings, SQL injections last year became the most common Web-based attack technique. Hackers are successful with these attacks largely due to poor coding practices. The following are six ways organizations can start to mitigate the risk from SQL injections.


  • Never Trust Input

    Coders get themselves in trouble with injection attacks when they fail to validate user input.

  • Don’t Use Dynamic Tables

    Use parameterized SQL statements, so the database treats user-supplied values as data rather than as part of the command and attackers cannot insert their own SQL into your queries.

  • Encrypt Data

    If attackers do get in and passwords are stored in clear text, they’ve hit the motherlode. Throw up a speed bump and encrypt.

  • Implement Rules of Least Privilege

    Hackers love it when coders set their web applications to access the database via the admin account.

  • Implement Code Review

    Processes and tools need to be implemented that check the security of code before it goes live.

  • Hire a Pen Tester

    What you don’t know CAN hurt you. Hire penetration testers to find out how vulnerable your sites really are.
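The first two items above, contrasted in code. This is an added example, not code from the Baseline article: it uses Python's built-in sqlite3 module with a constructed users table, and the function names are hypothetical.

```python
# Added example (not from the Baseline article): the same user lookup written
# two ways. The vulnerable version pastes untrusted input into the statement
# text (dynamic SQL); the hardened version binds the value with a "?"
# placeholder so the database driver treats it strictly as data.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("o'brien", "obrien@example.com")],   # a legitimate name with a quote
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Dynamic SQL: whatever the caller supplies becomes part of the command."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized SQL: the statement is fixed; the value is bound separately."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # The bound parameter handles the embedded quote and matches exactly one row.
    print(lookup_parameterized(conn, "o'brien"))
    # The same input breaks the dynamic statement: the quote is parsed as SQL.
    try:
        lookup_vulnerable(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        print("dynamic SQL failed:", exc)
```

The failure on an ordinary name is the tell: if a quote in user input changes how the statement parses, the input is being executed as SQL, not compared as a value.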