Tips to Reject the SQL Inject {2}

by Arlyn R
Gery Menegaz’s article (2012), “SQL Injection Attack: What Is It, and How to Prevent It,” is an informative response to Yahoo!’s recent SQL injection attack. The article warns that websites are frequently attacked because many of them have SQL injection vulnerabilities and their databases hold sensitive information and “critical application information” (Menegaz). The author also points out that SQL injection is well documented, yet many websites still leave their databases exposed even though the attacks can be very simple to prevent. Menegaz also includes in the article code that anyone can use to find forums and websites showing how to attack vulnerable websites and databases. To combat SQL injection, the author recommends the “SQL Injection Prevention Cheat Sheet” on The Open Web Application Security Project (OWASP) website. OWASP’s cheat sheet consists of primary defenses, which are: use of parameterized queries, use of stored procedures, and escaping all user-supplied input. Additional (secondary) defenses include minimizing the privileges of every database account (least privilege) and whitelist input validation. In this article Menegaz summarizes OWASP’s SQL Injection Prevention Cheat Sheet. Details on the specific techniques can be found at https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet.
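The following is an added example (not code from Menegaz’s article or from OWASP) that puts three of the cheat sheet’s defenses side by side on a small in-memory SQLite database: a lookup built by string concatenation next to its parameterized replacement (primary defense), a whitelist check on the username (secondary defense), and a read-only authorizer standing in for a least-privilege database account (secondary defense). The table, the sample rows, the `USERNAME_RE` pattern and the function names are all assumptions made for the demo; SQLite has no user accounts, so `set_authorizer` is used here only to illustrate the effect of denying write privileges.

```python
import re
import sqlite3

# Constructed sample data for the demo (not from the article).
USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

# Whitelist (allow-list) pattern for usernames: an assumed policy for this demo.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

# Write actions a least-privilege "lookup" account should never be allowed to perform.
WRITE_ACTIONS = {
    sqlite3.SQLITE_INSERT,
    sqlite3.SQLITE_UPDATE,
    sqlite3.SQLITE_DELETE,
    sqlite3.SQLITE_DROP_TABLE,
    sqlite3.SQLITE_CREATE_TABLE,
}


def make_db():
    """Create an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """Vulnerable: the input is spliced into the SQL text, so it can change the query's meaning."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, username):
    """Hardened: a parameterized query. The driver binds the value separately from the
    statement, so whatever the input contains it is only ever compared as data."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def is_valid_username(username):
    """Whitelist input validation: accept only the characters the policy allows."""
    return USERNAME_RE.fullmatch(username) is not None


def make_read_only(conn):
    """Least privilege, emulated: deny every write action on this connection.
    Even if an injection got through, a read-only account cannot alter or drop data."""
    def authorizer(action, arg1, arg2, db_name, trigger_or_view):
        return sqlite3.SQLITE_DENY if action in WRITE_ACTIONS else sqlite3.SQLITE_OK
    conn.set_authorizer(authorizer)


def try_delete_all(conn):
    """Report whether a destructive statement is allowed on the connection."""
    try:
        conn.execute("DELETE FROM users")
        return "allowed"
    except sqlite3.DatabaseError:  # SQLite reports an authorizer denial as "not authorized"
        return "denied"


def demo():
    """Run the comparison and return the observations as a dict."""
    conn = make_db()
    # Classic tautology test string, used here only to show the two lookups diverging.
    tautology = "' OR '1'='1"
    leaked = vulnerable_lookup(conn, tautology)   # concatenation: every row comes back
    safe = safe_lookup(conn, tautology)           # parameterized: no user has that name
    alice = safe_lookup(conn, "alice")            # parameterized still finds real users
    make_read_only(conn)
    return {
        "vulnerable_rows": len(leaked),
        "safe_rows": len(safe),
        "safe_alice_rows": len(alice),
        "valid_name_accepted": is_valid_username("alice"),
        "tautology_rejected": not is_valid_username(tautology),
        "delete_after_least_privilege": try_delete_all(conn),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script to see the comparison: the concatenated query returns all three rows for an input that names no user, the parameterized query returns none, the whitelist rejects the same input before it reaches the database, and once write privileges are removed the `DELETE` is refused. The layering is the point of the cheat sheet: parameterization removes the bug, validation narrows what can reach the query, and least privilege limits the damage if both are bypassed.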