10 Ways to Prevent or Mitigate SQL Injection Attacks
Feb 24, 2010, 17:33
By Paul Rubens
"Failure to Preserve SQL Query Structure (aka 'SQL Injection')"
appears at number 2 in the CWE/SANS TOP 25 Most Dangerous
Programming Errors list published on February 16. And for good
reason: SQL injection attacks pose a massive potential threat to
your organization. That's because, if successful, they could allow
hackers to compromise your network, access and destroy your data,
and take control of your machines.
What Is SQL Injection?
The principle behind SQL injection is pretty simple. When an
application takes user data as an input, there is an opportunity
for a malicious user to enter carefully crafted data that causes
the input to be interpreted as part of a SQL query instead of
For example, imagine this line of code:
SELECT * FROM Users WHERE Username='$username' AND Password='$password'
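The following is an added example, not code from the article: it builds the query above by string concatenation so the quote characters in a supplied password rewrite the query's structure, then shows the parameterised form that keeps the same query text fixed and passes the values as data. It uses Python's standard sqlite3 module against a constructed in-memory Users table (the rows, the login functions and the attack string are all assumptions for the demonstration).

```python
import sqlite3


def make_db():
    """Constructed in-memory Users table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('alice', 's3cret')")
    conn.execute("INSERT INTO Users VALUES ('bob', 'hunter2')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Mirrors the article's query: user input is pasted into the SQL text.

    A quote in the input ends the string literal early, so the remainder of
    the input is parsed as SQL rather than as the password value.
    """
    sql = ("SELECT * FROM Users WHERE Username='%s' AND Password='%s'"
           % (username, password))
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Same query with placeholders: the SQL structure is fixed at parse time.

    The driver sends the values separately, so a quote in the password is
    compared as a character in the password column, never parsed as SQL.
    """
    sql = "SELECT * FROM Users WHERE Username=? AND Password=?"
    return conn.execute(sql, (username, password)).fetchall()


def vulnerable_query_text(username, password):
    """Returns the concatenated SQL so the structural change is visible."""
    return ("SELECT * FROM Users WHERE Username='%s' AND Password='%s'"
            % (username, password))


if __name__ == "__main__":
    db = make_db()
    # Assumed attack input: closes the Password literal and appends a tautology.
    # Because AND binds tighter than OR, the WHERE clause becomes
    # (Username='alice' AND Password='') OR '1'='1', which is true for every row.
    attack = "' OR '1'='1"
    print(vulnerable_query_text("alice", attack))
    print("vulnerable:", login_vulnerable(db, "alice", attack))  # every user returned
    print("safe:      ", login_safe(db, "alice", attack))        # no rows
```

Run it and compare the two result sets: the concatenated version returns both users for a password nobody has, while the parameterised version returns nothing because the whole attack string is compared literally against the Password column.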