PRO+ Premium Content/Information Security magazine

April 2004

Database security tools for preventing SQL injection attacks

Database security has been neglected ever since monolithic mainframes gave way to client-server systems, exposing the SQL command line. Today's n-tier Web environment and tomorrow's n-peer Web services multiply the number of attack points and reinforce the need to separate data security from application security.

Database activity can be monitored at three basic layers: attacks that target database components, such as buffer overflows in Oracle or SQL Server; SQL commands that manipulate the database format and/or data, as well as the stored procedures that automate these tasks; and attacks that target specific content within databases.

A common attack against databases is SQL injection, through which an attacker manipulates an input form to pass unauthorized commands. Web-app firewalls, like those from Sanctum, KaVaDo, Teros and NetContinuum, identify abnormal behavior and block attacks. Web scanners by Sanctum, KaVaDo and SPI Dynamics also scan and test for SQL injection conditions. These tools watch HTTP traffic, but they ...
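The following is an added illustration, not code from the magazine article or from any of the vendors it names. It shows the mechanism behind the SQL injection the paragraph describes and the application-level fix that the HTTP-watching tools above can only approximate: the same lookup written once by string concatenation (form input becomes part of the SQL text) and once with a bound parameter (form input stays data). The table, the two rows and the inputs are constructed for the demo; it runs offline against an in-memory SQLite database.

```python
import sqlite3

# Constructed sample rows for the demo (not from the article).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Builds the statement by concatenation: whatever the form submits is
    parsed as SQL, so a quote in the input changes the query's logic."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, name):
    """Binds the input as a parameter: the driver hands it to the engine as a
    value, so it can never alter the statement's structure."""
    sql = "SELECT email FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def demo():
    """Run both lookups with a normal input and with an input that carries a
    quote and an extra condition, and return the four result lists."""
    conn = make_db()
    normal = "alice"
    # Constructed hostile input: closes the string literal and appends an
    # always-true condition, the textbook form-field manipulation.
    hostile = "nobody' OR 'a'='a"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "vuln_hostile": lookup_vulnerable(conn, hostile),
        "safe_normal": lookup_parameterized(conn, normal),
        "safe_hostile": lookup_parameterized(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the concatenated query the hostile input returns every row in the table, because the engine ran a different statement than the developer wrote; with the bound parameter the same input simply matches no user. That is why parameterized queries (or stored procedures that are themselves written with bound parameters) are the primary control, and why a Web-app firewall or scanner that only inspects HTTP traffic is a complementary layer rather than a substitute.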

