Read: Class 39 ‐ SQLi with Burp Suite, WebGoat
Understanding SQL Injection, Identification and Prevention
SQL injection is an attack technique where a malicious user injects SQL commands into input fields of a web application, in order to gain unauthorized access to a database. The attacker's SQL code gets executed along with the legitimate SQL queries issued by the web application.
For example, if a web application has a user login page that constructs an SQL query like this:
sql = "select * from users where username ='" + username + "' and password ='" + password + "'"
An attacker could enter the following as the username:
' or '1'='1
This will result in the full SQL query becoming:
select * from users where username='' or '1'='1' and password =''
This query will return all user records, allowing the attacker to gain access.
- Use parameterized queries or stored procedures instead of concatenating user input into SQL strings.
- Validate, sanitize and escape all user input. Remove malicious characters.
- Enforce least privilege for database users. Restrict access only to the data that is required.
- Implement a web application firewall with SQL injection detection rules.
- Monitor database logs for anomalous queries that indicate possible SQL injection attempts.
- Keep database drivers and software up to date with the latest security patches.
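An added example (not code from the class notes or from WebGoat) that runs the page's concatenated login query and the parameterized alternative from the prevention list against a small constructed SQLite table; the user rows, the column names and the function names are assumptions. It also shows why the page's input, placed in the username field alone, depends on SQL operator precedence.

```python
import sqlite3

# Constructed sample users for this demo; not data from the class notes.
USERS = [("alice", "s3cret-alice"), ("bob", "s3cret-bob")]


def make_db():
    """Build an in-memory SQLite users table from the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, password text)")
    conn.executemany("insert into users values (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Same string concatenation as the page's login query: input becomes SQL text."""
    sql = ("select username from users where username ='" + username
           + "' and password ='" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Parameterized form: values travel separately from the SQL, so a quote is data."""
    sql = "select username from users where username = ? and password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    conn = make_db()
    payload = "' or '1'='1"  # the input shown on the page
    # In the username field alone the query reads
    #   ... where username ='' or '1'='1' and password =''
    # AND binds tighter than OR, so the password test still applies and no row
    # matches unless a stored password is blank. Repeating the payload in the
    # password field appends an unconditional "or '1'='1'", so every row matches.
    return {
        "legit": login_vulnerable(conn, "alice", "s3cret-alice"),
        "vuln_username_only": login_vulnerable(conn, payload, ""),
        "vuln_both_fields": login_vulnerable(conn, payload, payload),
        "safe_legit": login_safe(conn, "alice", "s3cret-alice"),
        "safe_both_fields": login_safe(conn, payload, payload),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:20s} -> {rows}")
```

The parameterized version returns the same row for valid credentials and nothing for the crafted input, because the driver never lets the quote characters change the query's structure.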
I would like to know more about other database vulnerabilities - SQL injection is just one type of database attack. I would like to expand my knowledge to cover other common vulnerabilities like XXE injection, NoSQL injection, blind SQL injection, etc.