SQL Injection Attack

SQL Injection is a technique often used to attack databases through a website. Improper processing of user-supplied data allows intruders to include a malicious SQL statement that is executed by the database. A successful attack may involve the following security violations:
  • reading sensitive and restricted data from the database, such as logins and passwords
  • modifying database content, such as adding or deleting a user account
  • accessing files, such as an authentication file
  • executing commands on the operating system
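
The improper processing described above, shown beside its parameterized fix. This is an added example, not SiteDefensor code; the table, the function names and all sample values are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"),
         ("admin", "hash-c"), ("o'brien", "hash-d")],
    )
    return db

def find_user_unsafe(db, login):
    """Vulnerable: user input is pasted into the SQL text itself."""
    query = "SELECT login, password_hash FROM users WHERE login = '" + login + "'"
    return db.execute(query).fetchall()

def find_user_safe(db, login):
    """Hardened: the ? placeholder passes the input as data, never as SQL."""
    query = "SELECT login, password_hash FROM users WHERE login = ?"
    return db.execute(query, (login,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Constructed input: the quote closes the string literal, so the rest
    # of the value is parsed by the database as part of the statement.
    crafted = "nobody' OR '1'='1"
    for name in ("alice", crafted, "o'brien"):
        print(repr(name))
        try:
            print("  unsafe:", find_user_unsafe(db, name))
        except sqlite3.OperationalError as exc:
            # A legitimate name containing a quote breaks the concatenated query.
            print("  unsafe: query failed:", exc)
        print("  safe:  ", find_user_safe(db, name))
```

With the concatenated query the crafted value returns every row in the table, while the parameterized query treats the same value as a login name that matches nothing.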
SiteDefensor uses a dedicated, non-relational database for secure storage of logins, passwords and user sessions. Even if your website is vulnerable to an SQL Injection attack, the intruders will not be able to gain access to the SiteDefensor database. However, in any case, you should secure your relational database to prevent access to the file system or execution of system commands. If you are uncertain whether your database system is secure, we encourage you to try FINESEC Security Check.
