Resources

Datasheets

WebDefend

White Papers

Webinars

Anatomy of a Web Hack SQL Injection

SQL Injection

What is a SQL Injection Attack?

While there are many types of web attacks against your organization, none are as simple or as potentially destructive as what is known as a SQL injection. This attack is used to manipulate your organizations web applications to extract sensitive information straight out of your corporate databases and is one of the more popular attacks employed in identity theft incidents.

Attackers use special characters to exploit web applications by modifying or adding text to a vulnerable area on a website: either a URL with an embedded hard-coded query statement or inside an otherwise innocuous web form. Information is then passed to the database server to obtain complete access to an application’s database.

Identity theft is the primary goal of a SQL injection attack, and it is proving to be a very profitable and successful way for attackers to make a living. The consequences for a company that suffers an attack are devastating financially because of lost customer loyalty, penalty fees, security consulting fees, legal costs, and much more.

Take Protective Measures

Breach Security’s WebDefend web application security appliance is the complete solution to protect your organization from a SQL injection attack. WebDefend is a very cost-effective solution, takes a few minutes to set up, doesn’t require any special skills to maintain and will keep your data safe and prevent any SQL injection exploit from ever happening, no matter what applications you create down the road.

WebDefend protects web application from SQL injection attacks by performing validation on all user input to the application. Each input field or query parameter within the application is identified, typed and specified in the security profile. While validating traffic against an application’s security profile, WebDefend will check all user input to ensure that it is the correct data type and has the appropriate data length. Also, it will check to see that the data does not include any special characters or SQL commands. WebDefend will prevent any SQL injection attacks against a web application by ensuring that user input is only data with no attempts to circumvent an application’s normal behavior.

Learn more about how WebDefend protects you from all web application attacks (link to WebDefend Page).

New SQL Injection Attack Unleashed in 2008