What-Is-Sql-Injection - IDERA

The document discusses SQL injection, a code injection technique that exploits vulnerabilities in web applications. It explains what SQL injection is, statistics on its prevalence and costs, languages most vulnerable to it, and ways to protect against it such as input validation and least privileged access. It also describes IDERA products that help prevent SQL injection attacks.

Uploaded by Carlos Trujillo

29/8/22, 10:27 what-is-sql-injection | IDERA

https://www.idera.com/resource-center/infographics/what-is-sql-injection/?utm_source=Eloqua&utm_medium=Email&utm_content=sql-infographic-wha… 1/6
What is SQL injection?

SQL injection (SQLi) is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. A SQL injection attack occurs when a web application does not validate input values, for example from an input parameter or a web form, before passing them to SQL queries that will be executed on a database server.

An example:

User access
Simple ColdFusion query >> http://www.domain.com/file.cfm?CustID=100 >> resulting SQL statement >> SELECT * FROM Customers WHERE CustID=100

Hacker access
Inject malicious code >> http://www.domain.com/file.cfm?CustID=100;DELETE Customers >> resulting SQL statement >> SELECT * FROM Customers WHERE CustID=100;DELETE Customers >> Deletes all data from the Customers table

SQL injection by the numbers

SQL injection accounts for almost 26% of all web application attacks. (Akamai's State of the Internet report)
The average cost for a minor SQL injection attack exceeds $196,000. (Global Threat Intelligence Report)
On average, it takes nearly 140 days to discover a SQL injection breach. (The SQL Injection Threat Study by DB Networks)

SQL injection vulnerability rates for web applications written in…

Java 21%
.NET 29%
PHP 56%
ColdFusion 62%
Microsoft ASP 64%

Protecting against SQL injection attacks

Separate code from data

First: Code. Create the query template.
Then: Add data. Fill in the parameters using the API.
Last: Submit the query.

Validate input data

Data integrity: Data has not been tampered with.
Data validation: Limit check, data type, format and character check.
Business rules: Make sure your data follows your business rules.
Do not perform black-list validation. Always use white-list validation.

Assign least privileged access

Reduce the risk of a potential SQLi attack by minimizing the access privileges to your database. SQL Compliance Manager and SQL Secure help protect against SQL injection by identifying and alerting on abnormal activities and providing real-time auditing of all login activity to SQL Server.
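The three measures above (a query template with parameters bound through the API, white-list validation of the CustID value, and a least-privileged database account) worked through on the infographic's own CustID=100 example. This is an added Python example, not code from IDERA's infographic or products. It uses Python's sqlite3 module with an in-memory database and constructed sample rows; because sqlite3's execute() refuses stacked statements and SQLite requires DELETE FROM, the vulnerable path uses executescript() to mimic a driver that runs every statement in the string, and the payload is the infographic's adapted to SQLite syntax. The authorizer stands in for a read-only account; table, column and function names are the example's own assumptions.

```python
import re
import sqlite3

# Constructed sample rows; the table name follows the infographic's example.
CUSTOMERS = [(100, "Ada"), (101, "Grace"), (102, "Linus")]

# The infographic's payload "100;DELETE Customers" is SQL Server syntax.
# SQLite requires DELETE FROM, so this is the constructed SQLite equivalent.
INJECTED_CUSTID = "100;DELETE FROM Customers"


def fresh_db():
    """In-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (CustID INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Customers VALUES (?, ?)", CUSTOMERS)
    conn.commit()
    return conn


def count_customers(conn):
    return conn.execute("SELECT COUNT(*) FROM Customers").fetchone()[0]


# --- Vulnerable pattern: the request value is pasted into the query text ---

def build_query_unsafe(raw_cust_id):
    """Code and data are mixed: whatever the client sent becomes part of the SQL."""
    return "SELECT * FROM Customers WHERE CustID=" + raw_cust_id


def run_unsafe(conn, raw_cust_id):
    """sqlite3's execute() refuses stacked statements, so executescript() stands in
    for a driver (such as SQL Server's) that runs every statement in the string."""
    conn.executescript(build_query_unsafe(raw_cust_id))
    return count_customers(conn)


# --- Separate code from data: template first, parameters via the API, then submit ---

QUERY_TEMPLATE = "SELECT * FROM Customers WHERE CustID=?"   # First: code


def run_parameterized(conn, raw_cust_id):
    """Then: data is bound through the API; Last: submit. The value is never parsed as SQL."""
    return conn.execute(QUERY_TEMPLATE, (raw_cust_id,)).fetchall()


# --- Validate input data: white-list, not black-list ---

def validate_cust_id(raw_cust_id):
    """A customer id is one or more ASCII digits and nothing else (white-list rule)."""
    if not re.fullmatch(r"[0-9]+", raw_cust_id):
        raise ValueError("CustID must be a positive integer")
    return int(raw_cust_id)


def run_safe(conn, raw_cust_id):
    """Validation plus parameterization: the layered form a web handler should use."""
    return run_parameterized(conn, validate_cust_id(raw_cust_id))


# --- Assign least privileged access ---

def restrict_to_reads(conn):
    """Deny every write action on this connection, as a read-only account would.
    The authorizer is SQLite's mechanism; on a real server this is the account's grants."""
    denied = {sqlite3.SQLITE_DELETE, sqlite3.SQLITE_INSERT,
              sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DROP_TABLE}

    def authorizer(action, arg1, arg2, db_name, trigger_or_view):
        return sqlite3.SQLITE_DENY if action in denied else sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)


# --- Demonstrations (results are returned so they can be checked, not just printed) ---

def demo_unsafe_deletes_everything():
    conn = fresh_db()
    return count_customers(conn), run_unsafe(conn, INJECTED_CUSTID)   # (3, 0)


def demo_parameterized_neutralises_payload():
    conn = fresh_db()
    rows = run_parameterized(conn, INJECTED_CUSTID)   # no customer has that id
    return len(rows), count_customers(conn)           # (0, 3): nothing deleted


def demo_validation_rejects_payload():
    conn = fresh_db()
    try:
        run_safe(conn, INJECTED_CUSTID)
        return "accepted"
    except ValueError:
        return "rejected"   # never reaches the database


def demo_least_privilege_blocks_delete():
    conn = fresh_db()
    restrict_to_reads(conn)
    try:
        run_unsafe(conn, INJECTED_CUSTID)   # still the vulnerable code, weaker account
    except sqlite3.DatabaseError:
        pass                                # SQLite reports "not authorized"
    return count_customers(conn)            # 3


if __name__ == "__main__":
    print(demo_unsafe_deletes_everything(), demo_parameterized_neutralises_payload(),
          demo_validation_rejects_payload(), demo_least_privilege_blocks_delete())
```

Each layer stops the same payload on its own: binding the value as a parameter means the text is compared against CustID and matches nothing, the white-list check rejects it before any query is built, and a read-only account makes the injected DELETE fail even when the concatenating code is left in place. The layers are worth combining because each covers a mistake the others do not.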


SQL injection (SQLi) is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. A SQL injection attack occurs when a web application does not validate input values, for example from an input parameter or a web form, before passing them to SQL queries that will be executed on a database server. Separating code from data, validating input data, and assigning least privileged access are some ways to protect against SQL injection attacks.

IDERA SQL Compliance Manager and SQL Secure help protect against SQL injection by identifying and alerting on abnormal activities and providing real-time auditing of all login activity to SQL Server.
Copyright © 2004-2022 IDERA, Inc.
