
Monday, November 23, 2009

Steps to Stop SQL Injections

SQL injections last year became the most common Web-based attack technique. Hackers are successful with these attacks largely due to poor coding practices. The following are six ways organizations can start to mitigate the risk from SQL injections.

Never Trust Input

Coders get themselves in trouble with injection attacks when they fail to validate user input.

Don’t use Dynamic Tables

Set parameters for SQL statements to prevent hackers from inserting their own SQL commands into your code.

Encrypt Data

If attackers are successful in getting in and passwords are stored in clear text, they’ve hit the motherlode. Throw up a speedbump and encrypt.

Implement rules of least privilege

Hackers love it when coders set their web applications to access the database via the admin account.

Implement Code Review

Processes and tools need to be implemented that check the security of code before it goes live.

Hire a pen tester

What you don’t know CAN hurt you. Hire penetration testers to find out how vulnerable your sites really are.
