SQL injections attacks have been on the number one list of dangerous threats to information systems for over a decade. The threats of an injection attack do not seem to go away or rather slow down BUT seems to get more complicated and more dangerous every time one is launched successfully.
Are the current mitigation techniques well crafted to halt the attacks or its high time new methods of protecting data in-situ are designed?
What do you think?
What is the primary method of mitigating SQL injection attacks?
Option 1: Use of Prepared Statements (with Parameterized Queries) Option 2: Use of Stored Procedures. Option 3: Allow-list Input Validation. Option 4: Escaping All User Supplied Input.
SQL Injection attacks are unfortunately very common, and this is due to two factors:
It's somewhat shameful that there are so many successful SQL Injection attacks occurring, because it is EXTREMELY simple to avoid SQL Injection vulnerabilities in your code.
SQL Injection flaws are introduced when software developers create dynamic database queries that include user supplied input. To avoid SQL injection flaws is simple. Developers need to either: a) stop writing dynamic queries; and/or b) prevent user supplied input which contains malicious SQL from affecting the logic of the executed query.
Primary Defenses:
- Option 1: Use of Prepared Statements (with Parameterized Queries)
- Option 2: Use of Stored Procedures
- Option 3: Allow-list Input Validation
- Option 4: Escaping All User Supplied Input
Additional Defenses:
- Also: Enforcing Least Privilege
- Also: Performing Allow-list Input Validation as a Secondary Defense
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
https://www.computerweekly.com/tip/How-to-detect-and-stop-SQL-injection-attacks
https://dzone.com/articles/what-is-the-sql-injection-vulnerability-amp-how-to
https://www.acunetix.com/websitesecurity/sql-injection/
Thank you for your contributions Len Leonid Mizrah and Tirth Patel
- Badges
- Science topic
- Similar topics
- Social Psychology
- Attitude