SQL Injection

by Irving A
According to the article written by Qian Xue and Peng He for Shaanxi College of
Communication Technology, MS SQL Server, one of the main products in the database market
today, accounts for about 38% of the relational database software market and 68% of the Web
database market. This is a positive aspect for strengthening safety on the internet, such as
the SQL model that detects and defends against dangerous attacks. A SQL injection attack targets
the programming done during the application development process, which makes this kind of attack
valid against most firewalls. This might just mean that the process is already on the
right path, but it might need improvement. There aren't many tools specifically for SQL injection
attacks currently, but Wpoison is helpful for development.

The model against SQL injection attacks is intended to prevent attacks and record them at the
same time. It deploys a smart program on the computer and the server, which checks the length and
data type. For web databases with SQL Server, a DDL (Detection-Defense-Log) Model against SQL
injection is created. The Symantec Internet Security Threat Report stated in October of 2003 that
overall attack rates on the internet rose 19% from January to June of 2003. This statistic shows
that security on the internet has become a lot more serious and necessary. Intrusion Detection
Systems (IDS) are the approach used to increase internet security. WebCohort also published that at
least 92% of network applications are suffering from hacker attacks in other forms. Another figure
from WebCohort indicated that 60% of such network applications may be attacked by
SQL injection.

While many attackers and hackers continue to find their way into computers, the SQL method of
programming has allowed many of these hacker attacks on web databases to be blocked. However,
it is important to keep the protection current and updated considering how fast attackers are
expanding on the internet. Outdated SQL systems are more susceptible to malicious attacks that
gain access to sensitive information stored on computers. This also indicates that the use of
a DDL Model is highly recommended for additional protection and precaution. However, it is
also important to note the importance of continually investing time and funds in maintaining these
models due to the fast expansion of malware on the internet.
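
The length and data type checks of the DDL (Detection-Defense-Log) model described above can be sketched as follows. This is an added example, not code from the article or from this post; it assumes Python's built-in sqlite3 as a stand-in for SQL Server, and the field rules, table, function names and sample requests are hypothetical.

```python
import logging
import sqlite3

# Hypothetical field rules: expected type and maximum length per request parameter.
RULES = {"user_id": (int, 10), "username": (str, 32)}

audit = logging.getLogger("ddl_audit")  # the "Log" stage
rejected = []  # in-memory copy of the log records so the example can be inspected

def detect(field, raw):
    """Detection: return the typed value, or raise ValueError on a length/type violation."""
    expected, max_len = RULES[field]
    if len(raw) > max_len:
        raise ValueError(f"{field}: length {len(raw)} exceeds {max_len}")
    if expected is int:
        if not (raw.isascii() and raw.isdigit()):
            raise ValueError(f"{field}: not an integer")
        return int(raw)
    return raw

def lookup(conn, client, field, raw):
    """Defense: validate first, then bind the value as a parameter (no string concatenation)."""
    try:
        value = detect(field, raw)
    except ValueError as err:
        record = (client, field, raw, str(err))
        rejected.append(record)
        audit.warning("rejected client=%s field=%s value=%r reason=%s", *record)
        return None
    # The column name comes only from RULES keys, never from the request itself.
    sql = f"SELECT username FROM users WHERE {field} = ?"
    return conn.execute(sql, (value,)).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT)")
    conn.execute("INSERT INTO users VALUES (7, 'alice')")
    # Constructed sample requests: valid, wrong data type, too long, and a string
    # that passes the length check but is treated as plain data by the bound parameter.
    return [
        lookup(conn, "198.51.100.4", "user_id", "7"),
        lookup(conn, "198.51.100.4", "user_id", "7 OR 1=1"),
        lookup(conn, "198.51.100.4", "username", "a" * 40),
        lookup(conn, "198.51.100.4", "username", "x' OR '1'='1"),
    ]

if __name__ == "__main__":
    print(demo(), rejected)
```

The last request shows why the check alone is not the whole defense: the value is within the length limit and is a string, so only the parameter binding keeps it from changing the query.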


Qian XUE, P. H. (2011, September 23-25). On Defense and Detection of SQL SERVER Injection Attack. Retrieved November 2011, from IEEE Xplore Digital Library: http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6040534&tag=1

  1. This blog took me an estimated 210 minutes.
  2. I read 5 blog posts by my classmates this week.
  3. Comments for this week took me 30 minutes.