Many of us are not familiar with SQL Injection. Network admins, or those who have already spent a long time in IT, surely know something about it. But what about those who have never heard the term? Many of us today are engaged in online business, where we market or provide our services with the help of a website: a virtual company or shop on the internet that deals with physical products and money. Companies producing antivirus software and security tools are already engaged in providing the best protection on the web. So in the year 2012, when we have a long list of antivirus software, services, tools, etc., should we lie back and let the software worry about how to deal with attacks, since we are paying for it? Not really. In my view people should be aware of what is going on around the web. IT is part of our life today and is found everywhere. In the future it will be more advanced and vast. A vulnerability that has appeared or might appear can put a vast population at risk. Awareness is one thing that can keep you protected. I am not saying that this is the only risk you should worry about, or that you should lose sleep over it. No. Precaution is better than cure. Knowledge is never wasted. There are lots of such proverbs that you can find on Google. Here I have tried to gather the best information from wherever I can. It can be Wikipedia or any other source, and I swear nothing is tested. So it is entirely up to you how you understand this article and respond. Basically, what I am trying to do is create a single-place article with simple references that can help me and others keep track of this attack.
Let’s come back to the topic. What is SQL Injection? In simple words, SQL Injection is a process by which someone can enter your website with some code, without needing any kind of login access, and modify your website content. Now this is serious. You might have heard news that some sites were hacked and the attackers added adult content to the pages, spoiling the entire website's credibility. The people who get called hackers, attackers and other fancy names set out to do such things. It is not valid to define intentions here. SQL Injection is the process of adding a SQL statement inside a web form. Websites that are not properly designed or maintained are the first to get affected. Through this the attacker can access your website's SQL database. Once they are in, they can control your site, and by the time you wake up things are ruined. Today many CMSs are designed with all of this in mind. A well-managed CMS offers you regular updates and security patches to avoid risk. Vulnerabilities are detected and avoided before they reach people.
SQL Injection is not an attack. It is a technique. The attacker is well versed in SQL and is aware of those techniques. So you might be wondering whether you need to learn SQL from A to Z. Not required. If everyone learned it, how would development or security companies earn money? My motive is to describe the vulnerabilities that you can avoid on your own. Once you know how such attacks work, what SQL is and so on, you stay safer. We just jump in our seat, put in the credit card number and buy the site. All we know is the traditional cPanel with a number of icons. But when the business takes a major turn and you are on the road to success, such things can be a reason to worry. Hosting companies also provide better security for more money. That does not mean that the more you spend, the more secure you are. In an SQL attack the attacker mostly looks for the database. He/she mostly tries to find credit cards, passwords or any important data that has value on the internet. They use it or exploit it for money.
This attack gives direct access to the SQL database. With the help of a well-designed website and query language interpreters it is possible to prevent such attacks. This might seem complicated. If you want to understand the risk of this attack, Wikipedia states that "In the wild, it has been noted that applications experience, on average, 71 attempts an hour". This is just a wild guess. In SQL Injection the attackers try to trick the application into running a pre-defined SQL query that gives the results they expect.