SQL injection attacks: What IT pros need to know

SQL injection attacks have been around for a long time, and they remain a major security risk. This ebook explains where the dangers lie and what you can do to protect your organization from these attacks.

From the ebook:

What are SQL injection attacks?
Structured Query Language, or SQL, is a method of managing relational databases that was first conceived in the 1970s. Since then, it has become the standard in database management systems (DBMSes) and can be found in countless organizations around the world.

With the rise of internet, web applications that connected to SQL databases became commonplace, and it took no time at all for SQL injection attacks to become reality. Since first being discovered in 1998, SQLi has been the bane of almost every organization with a data-driven web app.

SQLi works, at least on the surface, in a straightforward manner: An attacker submits a malicious SQL statement in a fillable field that exploits a vulnerability in the web app’s SQL implementation.

If successful, the malicious SQL statement can dump the entire contents of a database or select data like customer records, employee ID/password combinations, or anything else the targeted database contains. SQLi can also give an attacker administrator access to a database, allowing them to delete or modify data.

Depending on the nature of the SQL database, an SQLi attack can even give an attacker access to the operating system of the machine that hosts it, which can allow the attacker to gain access to other network resources.

Subscribe to the TechRepublic Premium Exclusives Newsletter

Save time with the latest TechRepublic Premium downloads, including customizable IT & HR policy templates, glossaries, hiring kits, features, event coverage, and more. Exclusively for you! Delivered Tuesdays and Thursdays.

Subscribe to the TechRepublic Premium Exclusives Newsletter

Save time with the latest TechRepublic Premium downloads, including customizable IT & HR policy templates, glossaries, hiring kits, features, event coverage, and more. Exclusively for you! Delivered Tuesdays and Thursdays.

Resource Details

or

* Sign up for a TechRepublic Premium subscription for $299.99/year, and download this content as well as any other content in our library. Cancel anytime. Details here.

Provided by:
TechRepublic Premium
Published:
May 1, 2019
Topic:
TechRepublic Premium
Format:
PDF
or

* Sign up for a TechRepublic Premium subscription for $299.99/year, and download this content as well as any other content in our library. Cancel anytime. Details here.