Six Steps to Stop SQL Injections - IT Management

IT Management - Baseline

Baseline

Six Steps to Stop SQL Injections

IT Management: Six Steps to Stop SQL Injections
Share By Baselinemag on 2009-06-08 According to IBM ISS X-Force findings, SQL injections last year became the most common Web-based attack technique. Hackers are successful with these attacks largely due to poor coding practices. The following are six ways organizations can start to mitigate the risk from SQL injections.
		See All Slideshows Never Trust Input Coders get themselves in trouble with injection attacks when they fail to validate user input. Don’t use Dynamic Tables Set parameters for SQL to thwart hackers from inserting their own SQL command into your code. Encrypt Data If attackers are successful in getting in and passwords are stored in clear text, they’ve hit the motherlode. Throw up a speedbump and encrypt. Implement rules of least privilege Hackers love it when coders set their web applications to access the database via the admin account. Implement Code Review Processes and tools need to be implemented that check the security of code before it goes live. Hire a pen tester What you don’t know CAN hurt you. Hire penetration testers to find out how vulnerable your sites really are.

Baseline:	Issue Index \| Contact Us \| About \| Media Kit \| Magazine Customer Service \| Navigation Guide
Quick Links:	Project Planners \| Enterprise Resource Planning \| Network and Online Security \| Data Analysis \| Process Management \| Storage Devices\| Link to Us

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| TechDirect \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2010 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.