Injection attacks, and particularly SQL injections, are the most commonly exploited vulnerabilities by hackers.
SQL Injection ("SQLi")
SQL Injection is a technique for taking control of a database query, and results in a compromise of confidentiality or a database alteration. The attacker uses vulnerabilities in the server application to inject a string for execution in its database.
"First-order" SQL injections inject malicious data that trigger the attack when the server application saves new information in its database.
"Second-order" SQL injections inject in the database malicious data that will be activated when the data is recalled and included in a dynamic query.
The server application is vulnerable if it uses data as a literal in a query. To guard against these vulnerabilities, the server application needs to separate the data sent by a device (or the attacker) that need to be processed from the instructions that operate on the data, with the effect of eliminating the impact of malicious injected code in data.
Other forms of injection attacks exist, such as OS Command, LDAP or resource injections. They are based on the same underlying principle as the SQL injection by targeting the server system, the enterprise directory or the application resources. The parry is based on the very same principe as the one against SQL injections.
The Motilia solution has been designed at inception to guard against SQL injection attacks. In addition, the selected defensive mechanism allows for optimizing the accesses to the databases. Please contact us to learn more about Motilia integrated security.