Pro+ Content/Information Security magazine

April 2004

Database security tools for preventing SQL injection attacks

Database security has been neglected ever since monolithic mainframes gave way to client-server systems, exposing the SQL command line. Today's n-tier Web environment and tomorrow's n-peer Web services multiply the number of attack points and reinforce the need to separate data security from application security. Database activity can be monitored at three basic layers: attacks that target database components, such as buffer overflows in Oracle or SQL Server; SQL commands that manipulate the database format and/or data, as well as the stored procedures that automate these tasks; and attacks that target specific content within databases. A common attack against databases is SQL injection, through which an attacker manipulates an input form to pass unauthorized commands. Web-app firewalls, like those from Sanctum, KaVaDo, Teros and NetContinuum, identify abnormal behavior and block attacks. Web scanners by Sanctum, KaVaDo and SPI Dynamics also scan and test for SQL injection conditions. These tools watch HTTP traffic, but they ...
