Simple SQL Injection Example – Review Security and Remediate

Something I regularly do is review security against attacks and remediate if required.

This example is a simple SQL injection attack.

There are a few things, in addition to the application code itself, that can prevent, log, or alert on this activity. Some examples are listed below:

  • Restrict special characters in usernames (this input would not pass because of the “*” and the spaces).
  • Software firewalls should block SQL injection (this blocks the Select statements).
  • ATP (Advanced Threat Protection) monitoring access to the SQL database will also alert (this can either log or block the traffic).

Example: Web Site – SQL injection in the username of a web portal

Username: “Select * From table 1”

Password: Blank

Result

Access Denied. Potential loophole is blocked.

Reason

One of the many firewall rules in place blocks SQL injection and the platform restricts special characters being used as usernames.
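The three layers above (a character policy on usernames, a firewall-style keyword rule that logs or blocks, and a query that cannot be altered by its input) can be shown in one small login routine. The following is an added example written for this post, not code from the portal or platform described; the username policy, the keyword list, the in-memory SQLite table and the sample account are all constructed assumptions. It runs the post's own test case (username “Select * From table 1”, blank password) and records the block in an audit log, then shows a normal login passing through a parameterised query.

```python
import hashlib
import re
import sqlite3

# Illustrative username policy (assumption: the post does not state the
# platform's exact rule): letters, digits, dot, underscore, hyphen, 3-32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{3,32}")

# Minimal firewall-style signature list; a real WAF rule set is far larger.
SQL_KEYWORDS = ("SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "UNION", "FROM", "WHERE")


def is_valid_username(username: str) -> bool:
    """Layer 1: reject anything outside the allowlist (the '*' and spaces fail here)."""
    return USERNAME_RE.fullmatch(username) is not None


def screen_for_sql_keywords(value: str) -> list:
    """Layer 2: report SQL keywords present in the input, as a firewall rule would."""
    return [kw for kw in SQL_KEYWORDS if re.search(rf"\b{kw}\b", value, re.IGNORECASE)]


def hash_password(password: str) -> str:
    """Demo-only digest so the table never holds plaintext; use a slow KDF in production."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory users table with one sample account (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_password("correct-horse")))
    conn.commit()
    return conn


def attempt_login(conn, username, password, audit_log):
    """Run the two screens, log any block, and only then query with bound parameters."""
    reasons = []
    if not is_valid_username(username):
        reasons.append("username failed character policy")
    hits = screen_for_sql_keywords(username)
    if hits:
        reasons.append("SQL keywords in username: " + ", ".join(hits))
    if reasons:
        # This is the "log or alert" step; a firewall or ATP rule does the same on the wire.
        audit_log.append(f"BLOCKED username={username!r} reasons={reasons}")
        return False, reasons
    # Layer 3: bound parameters, so the value is data and is never parsed as SQL.
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND pw_hash = ?",
        (username, hash_password(password)),
    ).fetchone()
    if row is None:
        audit_log.append(f"DENIED username={username!r} reason=bad credentials")
        return False, ["bad credentials"]
    audit_log.append(f"ALLOWED username={username!r}")
    return True, []


if __name__ == "__main__":
    log = []
    db = build_demo_db()
    # The post's test case: username "Select * From table 1", blank password.
    print(attempt_login(db, "Select * From table 1", "", log))
    print(attempt_login(db, "alice", "correct-horse", log))
    print("\n".join(log))
```

The ordering matters: the character policy and keyword screen run before any database call, so the blocked attempt produces an audit line and an "Access Denied" without the input ever reaching SQL. Even if both screens were removed, the bound parameters in `attempt_login` mean the query text itself cannot be changed by the username value.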

Steve
