Mitigating SQL Injection Attack Threats
Structured Query Language (SQL) injection is an attack technique that attempts to subvert the relationship between a Web page and its supporting database, typically in order to trick the database into executing malicious code. SQL injection usually involves a combination of over-elevated permissions, unsanitized/untyped user input, and/or true software (database) vulnerabilities. Since SQL injection is possible even when no traditional software vulnerabilities exist, mitigation is often much more complicated than simply applying a security patch.
The following mitigation strategies and best practices can be used to minimize the risks associated with this attack vector. As with any system or architecture changes, local administrators are best positioned to know which strategies are appropriate for their specific networks and systems.
Included in this ZIP file are:
- Intro Page.doc
- Terms and Conditions.pdf
- Mitigating SQL Injection Attack Threats.pdf