Wednesday, February 22, 2023

SQL Vulnerabilities and Defense

Though we didn't go over this as an assignment, SQL definitely caught my eye. This was primarily because of my small background in coding and cyber security. I remember a few years back that many of my friends who were also majoring in Computer Science complained for weeks about having to learn SQL. But personally I remember it more from the cyber security field. SQL injections are a rather common malicious attack. Essentially, a hacker inserts SQL code to gain access to information that wouldn't be displayed to any user.



About 1/4 of all applications are vulnerable to an SQL injection. One way a developer can defend against an SQL attack is by properly securing their databases with other coding languages such as Java, PHP, and .NET. It is also recommended that developers keep their software up to date, because old libraries and packages that once were secure can be exploited. This may be random, but there is always some sort of hack taking place at any given moment! The first step of prevention is being aware of the problems!
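The attack and the defense described above, shown side by side as an added example (not part of the original post): the same lookup written once by pasting user input into the SQL text and once with placeholders. The table, column names, accounts and input string are constructed for illustration, and Python's built-in `sqlite3` module stands in for whatever language and database an application actually uses.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "pw-alice", "alice's notes"),
         ("bob", "pw-bob", "bob's notes")],
    )
    return conn


def lookup_vulnerable(conn, name, password):
    """Deliberately vulnerable: input becomes part of the SQL statement."""
    query = ("SELECT name, secret FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchall()


def lookup_safe(conn, name, password):
    """Hardened: ? placeholders pass the input as data, never as SQL."""
    query = "SELECT name, secret FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed input that contains SQL syntax

    # Concatenation turns the WHERE clause into
    #   name = 'alice' AND password = '' OR '1'='1'
    # which is true for every row, so every user's secret is returned.
    print("vulnerable:", lookup_vulnerable(conn, "alice", crafted))

    # With placeholders the same input is compared as a literal password,
    # matches nothing, and no rows come back.
    print("safe:      ", lookup_safe(conn, "alice", crafted))

    # A correct login still works with the hardened query.
    print("valid:     ", lookup_safe(conn, "alice", "pw-alice"))
```
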


Someone who can explain SQL Injections far better than me :)

& Pretty cool site I visit often, here you can view live cyber attacks being reported!

11 comments:

  1. 1/4 are vulnerable? Didn't know that statistic! Thank you :-)

    Good job on choosing a topic from Chapter 2 that was not assigned: 2.6.4 SQL ^_^

    Even better job on building on top of Structured Query Language (SQL) to a more advanced topic!

  2. Very interesting! I definitely need to learn more about what goes into keeping software safe in today's world.

  3. Yes, hacking is everywhere and anything can be exploited nowadays.

  4. Hacking is a very scary thought for everyone. For example, recently at work we encountered a hacking incident which caused the company to reset almost all our documents.

  5. I just wish people could use their gifts for good and not evil. For me, it is just overwhelming to keep up with; just when you think you might have a handle on it, something else pops up. It is exhausting.

  6. This was almost all completely gibberish to me, lol. I definitely need to stay vigilant and informed about the latest security threats and vulnerabilities, as it's important to be aware of the risks associated with SQL injections and the ways to defend against them!

  7. I am going to learn SQL recently. Thanks for introducing it to us. I can't wait to know more about SQL.

  8. SQL, can we call it sequel? It makes sense to make programs in a variety of computer languages as it will be harder to hack them.

  9. This much goes into cyber security? Oh my, makes me really appreciate the complexity behind it all.

  10. Placeholders are enough to prevent injections. You might still be open to buffer overflows, but that is a completely different flavor of attack from an SQL injection (the attack vector would not be SQL syntax but binary). Since the parameters passed will all be escaped properly, there isn't any way for an attacker to pass data that will be treated like "live" SQL.
