SQL Injection - Database Vulnerability

What is it?

SQL injection is an extremely damaging attack in which hackers attempt to access information stored in your database, such as customer data or user IDs and passwords. SQL stands for Structured Query Language and is the programming language understood by databases. By inserting commands from this language into fields on your website's input forms, hackers can gain access to the database records of vulnerable sites, stealing credit card data, passwords, e-mail addresses and any additional data available in the database.

What is the impact?

The impacts of this type of attack can be devastating. A recent example is the attack carried out on Sony's networks, in which thousands of credit cards were stolen. The company has spent millions to recover. It can also badly damage your company's reputation by exposing your customers' private data to criminals.

How does SiteLock protect me?

SiteLock's SQL injection scanning reviews all of the files and applications on your website to detect any injections that have been inserted in your website code. If infiltration is identified, you will be notified immediately via email. Your SiteLock dashboard will show a list of infected pages, and the SiteLock Expert Services team can help you repair your website.

What can I do about it?

Make sure any applications you use are kept up-to-date, and limit the use of third-party plug-ins where possible, as they can be a source of many issues and may be updated less frequently or created by unscrupulous publishers. Use a website scanning service that includes SQL injection scans, such as the SiteLock Find, Fix, or Prevent plans. If you are writing your own code, be sure to validate your input fields for special characters, and ensure that the database procedures called from your website also check for this type of attack.
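The following is an added example, not SiteLock's code: it shows a form value pasted into the SQL text beside a version that validates the field and then binds it as a query parameter. Parameter binding goes one step beyond the validation advice above and is the standard defense at the database call. The table, function names and sample input are constructed for illustration, using Python's built-in sqlite3 module.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for a site's customer records.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users (email, card) VALUES (?, ?)",
        [("alice@example.com", "card-A"), ("bob@example.com", "card-B")],
    )
    return conn

def lookup_vulnerable(conn, email):
    # The form value becomes part of the SQL text, so a quote character in
    # the input ends the string literal and the remainder is parsed as SQL.
    query = "SELECT email, card FROM users WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()

# Expected shape of the field; anything else is rejected before the query runs.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def lookup_parameterized(conn, email):
    # The value is sent separately from the SQL text and is only ever
    # compared as data, whatever characters it contains.
    return conn.execute(
        "SELECT email, card FROM users WHERE email = ?", (email,)
    ).fetchall()

def lookup_hardened(conn, email):
    # Input validation first, then parameter binding at the database call.
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("email field failed validation")
    return lookup_parameterized(conn, email)

# Constructed form input containing a quote character.
HOSTILE_INPUT = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, HOSTILE_INPUT))
    print("parameterized:", lookup_parameterized(db, HOSTILE_INPUT))
    print("hardened, valid input:", lookup_hardened(db, "alice@example.com"))
```

With the constructed input, the concatenated query returns every row in the table, while the parameterized query returns none and the validating wrapper rejects the value outright.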
