Sunday 15 September 2013

How to Fix SQL Injection Vulnerabilities

For most organizations the database is the heart of the operation (or at least the kidney). Banks, shopping portals, payment gateways, news portals and even corporate CRM/SAP systems all depend on a database to fetch information, facilitate transactions and store user data. Millions of transactions happen every day on any leading online air ticket booking site. What happens when the critical data that runs your business is no longer safe? What if an unauthorized person gets access to your database and, in turn, your network?
What is an SQL Injection and what can an attacker do?
An SQL Injection is a code injection attack in which attacker-controlled input is concatenated into a SQL statement without filtering or validation, so the database parses it as part of the query instead of treating it as data. Depending on the database product and on the privileges of the account the application connects with, a malicious user may be able to:
  1. Execute arbitrary read / write / update / delete queries against your database, including tables the vulnerable page never touches.
  2. Execute operating-system commands on the database server and retrieve the output (for example through MS SQL Server's xp_cmdshell).
  3. Read / write files in any location the database service account can reach (for example MySQL's LOAD_FILE() and SELECT ... INTO OUTFILE).
How do I fix an SQL Injection?
The fix is the same in every language: never build a statement by concatenating user input into SQL text. Use parameterised queries (prepared statements) so the driver sends the input to the database as bound data, validate against an allow-list anything that cannot be bound (table or column names, sort directions), and connect with a database account that has only the privileges the application needs, so a flaw that slips through cannot reach files or system commands. The following posts provide specific details for fixing SQL injection vulnerabilities in various programming languages and through a variety of methods.
PHP
ASP
.NET
Java
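As an added example (not part of the original post, and not taken from any of the language-specific posts linked above), the following Python script uses the standard sqlite3 module to show the vulnerable concatenation pattern beside its parameterised fix, plus the allow-list check needed for the one input a bound parameter cannot cover, a column name. The users table, the account data and the attack payloads are constructed for the demo; the function names are this example's own.

```python
import sqlite3

# Constructed sample data for the demo. Real systems store password hashes, not
# plaintext, but that is a separate control from the injection fix shown here.
SAMPLE_USERS = [
    ("alice", "s3cret-alice", "admin"),
    ("bob", "s3cret-bob", "user"),
]

# Allow-list for the one case a bound parameter cannot cover: SQL identifiers.
ALLOWED_SORT_COLUMNS = frozenset({"username", "role"})


def make_db():
    """Create an in-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        "id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the statement is built by string concatenation,
    so a quote in the input closes the literal and the rest is parsed as SQL.
    Kept only as the 'before' picture for login_safe()."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """The fix: a parameterised query. The SQL text is fixed at development time
    and the driver binds the inputs as data, so quotes and comment markers
    inside them have no syntactic effect."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def list_users_sorted(conn, sort_column):
    """Column names cannot be bound as parameters, so the only safe way to let
    the caller choose one is to check it against an allow-list before splicing
    it into the statement. Anything not on the list is rejected outright."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("disallowed sort column: %r" % (sort_column,))
    return conn.execute("SELECT username FROM users ORDER BY " + sort_column).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Classic authentication bypass: the '--' comments out the password check.
    bypass = "alice' --"
    print("vulnerable:", login_vulnerable(conn, bypass, "wrong"))
    print("safe:      ", login_safe(conn, bypass, "wrong"))
    # Tautology: the vulnerable query returns every row, not just one account.
    dump = "' OR 1=1 --"
    print("vulnerable:", login_vulnerable(conn, dump, "wrong"))
    print("safe:      ", login_safe(conn, dump, "wrong"))
```

Run it and compare the two columns of output: with `alice' --` the vulnerable lookup logs the attacker in as alice without a password and the tautology payload dumps the whole table, while the parameterised version returns nothing for either payload because the whole string is compared as a username. The same split applies in PHP (PDO prepared statements), ASP/.NET (SqlParameter) and Java (PreparedStatement): the driver API changes, the principle does not.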
