10 Ways to Prevent or Mitigate SQL Injection Attacks

""Failure to Preserve SQL Query Structure (aka 'SQL Injection')" appears at number 2 in the CWE/SANS TOP 25 Most Dangerous Programming Errors list published on February 16. And for good reason: SQL injection attacks pose a massive potential threat to your organization. That's because, if successful, they could allow hackers to compromise your network, access and destroy your data, and take control of your machines.

"What Is SQL Injection?

"The principal behind SQL injection is pretty simple. When an application takes user data as an input, there is an opportunity for a malicious user to enter carefully crafted data that causes the input to be interpreted as part of a SQL query instead of data.

"For example, imagine this line of code:

SELECT * FROM Users WHERE Username='$username' AND Password='$password'

Complete Story

Related Stories:

• Mitigate the Security Risks of PHP System Command Execution(Jan 29, 2010)
• Microsoft: Hole Exploit Endangers All IE Versions(Dec 13, 2008)
• Preventing MySQL Injection Attacks With GreenSQL On Debian Etch(Oct 30, 2008)
• Installing ModSecurity2 On Debian Etch(Jul 09, 2007)