DETECTION OVERVIEW
Risk Factors
SQL injection (SQLi) attacks are common and easily performed with automated tools, and web applications frequently contain the input-handling flaws that let such attempts succeed. Depending on the type of malicious SQL query and the attacker's objective, the impact on a business can be significant if sensitive data is stolen or manipulated.
The system might change the risk score for this detection.
Kill Chain
Risk Score
65
Database-driven web applications enable users to make purchases or access secure information. For example, a submitted username and password become part of a query that the web application runs against a relational database. SQLi attacks manipulate the underlying database query by inserting unvalidated or untrusted data so that it forms a new query. If the web application lacks proper input validation, the database executes the attacker-crafted query, which can result in sensitive data exposure, exfiltration, or manipulation. For example, an always-true condition (OR 1=1) or comment delimiters (--, ;) injected after a username can produce a query that bypasses authentication controls.
Implement the least privilege model for application accounts and remove root or system access on database accounts, which can help minimize potential damage
Implement prepared statements with parameterized queries, which enables the database to clearly distinguish between code and user input
Implement stored procedures that enforce parameterized queries
Enforce input validation
Review the SQL Injection Prevention Cheat Sheet provided by the Open Web Application Security Project (OWASP)
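The following is an added example, not part of this detection overview or of any product it describes. It uses a constructed in-memory SQLite table with one sample user and hypothetical login functions to show the authentication bypass described above (an always-true condition plus a comment delimiter appended to the username) against a string-concatenated query, and how the same input is handled by a parameterized query and by an allowlist input-validation check. The username allowlist pattern is an assumption chosen for the example.

```python
import re
import sqlite3

# Allowlist for usernames; the pattern is an assumption for this example
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def make_db():
    """Constructed in-memory database with one sample user (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Sample row; a real application would store a password hash, not plaintext
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable form: user input is spliced into the SQL text, so the
    database cannot tell where the query ends and the data begins."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Mitigated form: placeholders keep the SQL fixed and the driver passes
    the values separately, so quotes, OR 1=1 and -- are only data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def login_validated(conn, username, password):
    """Defense in depth: reject a username outside the allowlist before it
    reaches the database, then still use the parameterized query."""
    if not USERNAME_RE.match(username):
        return None
    return login_parameterized(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    # The always-true condition and comment delimiter named in the overview
    injected = "alice' OR 1=1 --"
    print("concatenated :", login_concatenated(db, injected, "wrong"))    # alice
    print("parameterized:", login_parameterized(db, injected, "wrong"))   # None
    print("validated    :", login_validated(db, injected, "wrong"))       # None
    print("legitimate   :", login_parameterized(db, "alice", "correct-horse"))  # alice
```

The concatenated query becomes `... WHERE username = 'alice' OR 1=1 --' AND password = 'wrong'`: the `OR 1=1` makes the condition true for every row and the `--` comments out the password check, so the login succeeds without a valid password. With the parameterized query the same string is compared literally against the username column and matches nothing; the allowlist check rejects it before a query is even issued.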