The Simplest Way to Detect the SQL Injection Attack (SQLi)

October 7, 2014
(192 views)

SQL Injection (SQLi) attacks have been around for over a decade. You might wonder why they are still so prevalent. The main reason is that they still work on quite a few web application targets. In fact, SQL injection vulnerabilities still plague 32% of all web applications. One of the big reasons is the attractiveness of the target – the database typically contains the interesting and valuable data for the web application.

1

A SQLi attack involves inserting a malformed SQL query into an application via client-side input. The attack perverts the intentions of web programmers who write queries and provide input methods that can be exploited. Using <<injection flaws>>, they can strike not only SQL, but operating systems and LDAP can fall prey to SQLi. They involve sending entrusted data to the interpreter as a part of the query. The attack tricks the interpreter into executing commands or accessing data. Attackers use this exploit to modify entries in your database, execute commands on the database (delete databases, change permission and so on) and read and infiltrate data from your databases.

Remediating SQLi attacks involves fixing coding defects that allow user-supplied input that can contain malicious SQL from modifying the logic of the query.

The first step in dealing with SQLi exploits is detecting and investigating them.  When being under....

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
monroerl
9 years ago

The Simplest Way to Detect the SQL Injection Attack (SQLi) isn’t an article, it’s an advertisement. Gotta love free publicity. How about writing an article on detecting SQL injections using open source tools or using your IDS/Firewall/security program? That would be nice because this ad doesn’t exactly tell the reader how their program works, what makes it different from the dozens of other similar products and why I should even care about reading the second paragraph downward. Snort does all of this stuff and it’s free. Check your CSS, HTML, Ajax, SQL input and python code for improper form scripting… Read more »

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.