
Six Steps to Stop SQL Injections

By Baselinemag on 2009-06-08


According to IBM ISS X-Force findings, SQL injections last year became the most common Web-based attack technique. Hackers are successful with these attacks largely due to poor coding practices. The following are six ways organizations can start to mitigate the risk from SQL injections.
1. Never Trust Input: Coders get themselves in trouble with injection attacks when they fail to validate user input.

2. Don’t Use Dynamic Tables: Use parameterized SQL statements so that attackers cannot insert their own SQL commands into your queries.

3. Encrypt Data: If attackers do get in and passwords are stored in clear text, they’ve hit the mother lode. Throw up a speed bump and encrypt.

4. Implement Rules of Least Privilege: Hackers love it when coders set their Web applications to access the database via the admin account.

5. Implement Code Review: Processes and tools need to be in place that check the security of code before it goes live.

6. Hire a Pen Tester: What you don’t know CAN hurt you. Hire penetration testers to find out how vulnerable your sites really are.
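The first two steps side by side, as an added example that is not part of the original article: a lookup built with dynamic string concatenation next to the same lookup as a parameterized query, plus an allow-list check on the input. The in-memory SQLite table, the usernames and the test input are constructed for this illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample database (not from the article): two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def lookup_unsafe(conn, username):
    """Dynamic SQL built by concatenation: the input becomes part of the
    statement text, so a quote in it changes the query's logic."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Parameterized query: the driver binds the value separately from the
    statement, so the same input is compared as a literal and matches nothing."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Allow-list for the shape of a username (assumed policy for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def lookup_validated(conn, username):
    """'Never trust input': reject anything outside the allow-list before it
    reaches the database, on top of parameterizing the query."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("rejected username: does not match allow-list")
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    test_input = "x' OR '1'='1"  # constructed input with an embedded quote
    print(lookup_unsafe(db, test_input))         # ['alice', 'bob']: WHERE clause is always true
    print(lookup_parameterized(db, test_input))  # []: treated as a literal string
    print(lookup_validated(db, "alice"))         # ['alice']
```

Running the script shows the concatenated version returning every row for the quoted input while the parameterized version returns nothing; the validated version refuses the input before any query runs.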
