SQL Injection

What is an SQL Injection?

SQL (Structured Query Language) injection is an exploit that sends commands through a web server to an SQL database in order to extract personal data or deliver other malware. If the server that houses the database is not designed correctly, a command placed in a form field could be executed, for instance instructing the database to output customer data.

How to Recognize This Threat: Web application scans and routine database audits showing the presence of questionable HTML tags or suspicious IP addresses may be able to detect that this type of attack has occurred. Web forms tend to be among the most vulnerable and most targeted.

How to Prevent This Threat: Regular scans like these can provide recommendations on how to fix SQL vulnerabilities. The best ongoing protection for your website, though, is a Web Application Firewall. See your options from SonicWall and Barracuda.