SQL Injection

If you have any problems with SQL injection, we can help you.
 

SQL INJECTION

When a web application fails to sanitize user-supplied input from its input fields, an attacker can enter malicious SQL statements and retrieve more data from the database than the application intended. The impact can extend to total control of the database or even the system.

DETECTING SQL INJECTIONS

The first step is to inventory the web pages that accept user input and connect to a backend database server for data access.

The second step is to identify all input fields that accept values that can be used in crafting SQL queries.

The third step is to test the application for SQL injection using the following procedure:

 

  • Enter a semicolon (;) or single quote (') into the input field.
  • If the input field is not being filtered correctly, it will generate an error message, which tells you that it is vulnerable to SQL injection.
  • Comment delimiters (--) and other SQL keywords such as OR and AND can also be used to test the input field.

AVOIDING SQL INJECTIONS

Web programming best practices should include:

  • Validate user input by checking each variable's length, type, format and range.
  • When possible, reject input values that contain a semicolon, a single quote, the comment delimiter (--), the comment delimiter (/*…*/) or (xp_).
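
The two practices above can be combined into one server-side validator. The following is an added example, not code from the original page; the form fields (`username`, `quantity`), their limits and all function names are hypothetical.

```python
import re

# Sequences the page says to reject when possible. Compared case-insensitively.
REJECT_TOKENS = (";", "'", "--", "/*", "*/", "xp_")

class ValidationError(ValueError):
    """Raised when a field fails a length, type, format or range check."""

def reject_sql_metacharacters(value):
    """Refuse input containing any sequence from REJECT_TOKENS."""
    lowered = value.lower()
    for token in REJECT_TOKENS:
        if token in lowered:
            raise ValidationError(f"forbidden sequence {token!r}")
    return value

def validate_text(value, *, max_length, pattern):
    """Type, length, reject-list and format checks for a text field."""
    if not isinstance(value, str):                  # type
        raise ValidationError("expected a string")
    if not 1 <= len(value) <= max_length:           # length
        raise ValidationError("length out of bounds")
    reject_sql_metacharacters(value)                # reject list
    if re.fullmatch(pattern, value) is None:        # format (allow-list)
        raise ValidationError("unexpected format")
    return value

def validate_int(value, *, minimum, maximum):
    """Type and range checks for a numeric field that arrives as form text."""
    if not isinstance(value, str) or re.fullmatch(r"-?[0-9]{1,10}", value) is None:
        raise ValidationError("expected an integer")
    number = int(value)
    if not minimum <= number <= maximum:            # range
        raise ValidationError("value out of range")
    return number

def validate_order_lookup(form):
    """Validate a hypothetical form with 'username' and 'quantity' fields."""
    return {
        "username": validate_text(form.get("username"), max_length=32,
                                  pattern=r"[A-Za-z0-9_.-]+"),
        "quantity": validate_int(form.get("quantity"), minimum=1, maximum=100),
    }

if __name__ == "__main__":
    # Constructed sample submissions.
    for sample in ({"username": "alice_01", "quantity": "3"},
                   {"username": "bob'--", "quantity": "3"}):
        try:
            print("accepted:", validate_order_lookup(sample))
        except ValidationError as exc:
            print("rejected:", sample, "->", exc)
```
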