Something I regularly do is review security against attacks and remediate where required.
This example is a simple SQL injection attack.
There are a few things, in addition to the application code itself, which can prevent, log or alert on this activity. Some examples are listed below:
- Restrict special characters in usernames (this would reject the "*" in the example below)
- Software firewalls should block SQL injection (this blocks the SELECT statements)
- ATP (Advanced Threat Protection) monitoring access to the SQL database will also alert (this can either log or block the traffic)
Example: Web site – SQL injection in the username field of a web portal
Username: "Select * From table 1"
Password: blank
Result
Access denied. The potential loophole is blocked.
Reason
One of the many firewall rules in place blocks SQL injection, and the platform restricts special characters from being used in usernames.
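The same username check and a signature-style detection, written as an added example (not code from the original portal): a constructed in-memory user table, a vulnerable login that concatenates input into SQL, and a hardened login that applies an allowlist on the username before a parameterised query. Function and table names are assumptions for illustration.

```python
import re
import sqlite3

# Constructed sample data: a single user in an in-memory database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'secret')")
    conn.commit()
    return conn

# Allowlist for usernames: letters, digits, dot, underscore, hyphen, 3-32 chars.
# Spaces, quotes and '*' are rejected, so "Select * From table 1" never reaches SQL.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{3,32}$")

def username_is_valid(username):
    return USERNAME_RE.fullmatch(username) is not None

# Vulnerable form: string concatenation hands user input to the SQL parser.
# A quote in the input produces a syntax error, which shows it was parsed as SQL.
def login_vulnerable(conn, username, password):
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return "sql_error"
    return "ok" if row else "denied"

# Hardened form: allowlist first, then a parameterised query so input stays data.
def login_hardened(conn, username, password):
    if not username_is_valid(username):
        return "denied"  # the portal's "Access denied" for special characters
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return "ok" if row else "denied"

# Crude firewall/ATP-style signature for a login field: flag SQL keywords,
# comment markers, quotes or wildcards so the attempt can be logged or alerted on.
SQLI_PATTERN = re.compile(r"\b(select|union|insert|drop)\b|--|'|\*", re.IGNORECASE)

def looks_like_sqli(value):
    return SQLI_PATTERN.search(value) is not None
```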