SQL Injection: The definitive guide



SQL injection is an attack aimed at a vulnerable system.
Here I will show you the strategies to adopt to protect yourself.
Let’s begin!
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
These attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
[Source: Wikipedia]
It is one of the most common attacks on websites.
The best passwords and the best mindset may not be enough.
If you have a website that is backed by an SQL database, you must learn how to defend it.
An example of an attack:
User:
Password:

Here are 5 points to defend yourself:
1. Update your system.
Many of the problems behind a vulnerability are not visible to us.
Update your scripts (management systems, forums) to fix those problems.
2. Reduce privileges.
Your service must not run with elevated privileges; this counters hacking techniques that require them.
3. Check the information you return.
A specific error message helps hackers find vulnerabilities.
Configure IIS to send a generic error message instead of a specific message.
4. Blacklist.
A list of characters that are not allowed.
The first one to put in it is the single quote: '
The other is the “space” character.
5. Whitelist.
A list of the characters that are allowed.
This method is more complex than the previous one.
With good management of the allowed characters, it can be a good solution.
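
To compare points 4 and 5, here is an added example (not code from the original article) that runs a blacklist holding the two characters named above and a whitelist over the same constructed inputs. The username policy, the `users` table and the function names are assumptions; the lookup also binds the value as a query parameter, which goes beyond what the article covers.

```python
import re
import sqlite3

# Point 4 (blacklist): the two characters the article names.
BLACKLIST = {"'", " "}
# Point 5 (whitelist): assumed policy for a username field.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def blacklist_ok(value: str) -> bool:
    """Accept the value unless it contains a listed character."""
    return not any(ch in BLACKLIST for ch in value)


def whitelist_ok(value: str) -> bool:
    """Accept only if every character is allowed and the length fits."""
    return USERNAME_RE.fullmatch(value) is not None


def find_user(conn, username):
    """Validate with the whitelist, then look the user up."""
    if not whitelist_ok(username):
        raise ValueError("username contains characters that are not allowed")
    # The ? placeholder keeps the value out of the SQL text
    # (an addition here; the article does not cover bound parameters).
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (username,)).fetchone()


def demo():
    """Build a throwaway database and classify constructed sample inputs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES ('alice_01')")
    # Constructed sample inputs, not taken from the article.
    samples = ["alice_01", "o'neil", "two words", 'a"b', "a;b", "tab\there", "ab"]
    results = {s: (blacklist_ok(s), whitelist_ok(s)) for s in samples}
    return conn, results


if __name__ == "__main__":
    conn, results = demo()
    for value, (by_black, by_white) in results.items():
        print(f"{value!r:14} blacklist={by_black} whitelist={by_white}")
    print(find_user(conn, "alice_01"))
```

Three of the samples pass the two-character blacklist and are still rejected by the whitelist, which is why the whitelist is the stronger of the two checks even though it takes more effort to define.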