In a SQLi attack, hackers typically take advantage of security flaws in web application software to pass malicious commands to a database back-end. A SQLi vulnerability can potentially enable an attacker to take control of an entire database, exposing confidential information and leaving businesses and users at risk.
Protecting against SQLi attacks takes a multi-pronged effort. Auditing and remediation of exploitable software vulnerabilities is key, but enterprises can also employ additional layers of defenses.
Among the ways that enterprises can protect themselves against SQLi attacks is by way of the Oracle Database Firewall, which was updated with a new release today. The firewall helps protect against SQLi exploits by identifying and blocking unauthorized database transactions on the network.
“We have extended the scope of the databases that we support in terms of being able to understand their networking protocols and their SQL dialect,” Vipin Samar, Vice President, Database Security at Oracle, told InternetNews.com. “The firewall looks at the traffic that is going to the database, and then based on customer set policies they can log, audit, monitor, and block the offending SQL statements.”