Luckily, the security-minded admin can turn to a tool called sqlmap to check for vulnerabilities in network-based SQL systems. In other words, you almost have to be an expert to watch the security alerts and recreate every potential SQL attack on your own. Most SQL injection attacks, however, require artificial, carefully crafted, and totally un-intuitive input. More importantly, some attack vectors haven't been discovered or adapted yet, so even if you do your best to keep your own systems up to date, it is still a good idea to look for potential problems yourself. However, many potential problems fall through the cracks – either on the development side or because a busy webmaster doesn't have time to install every patch and upgrade every system. Software developers and Linux distribution maintainers are constantly watching for new SQL injection problems, which are often fixed through a security patch. If you watch the Common Vulnerabilities and Exposures website, you'll see that new SQL injection attacks are discovered every week. An SQL injection attack typically exploits a problem in the SQL code – for instance, incorrect filtering for string literal escape characters or insufficient type checking. SQL injection is one of the most common forms of network intrusion.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |