SQL Injection attacks
Many SQL injection attacks can be prevented, but many cannot be. Most SQL injection attacks are due to poorly coded applications: code that assembles SQL statements out of untrusted input allows malicious attackers to reach an organization's sensitive data. Although these vulnerabilities are continuously being studied, they are also continuously being exploited by the aforementioned attackers.
SQL firewalls have been in place and implemented for many years, but most firewalls cannot prevent a well-constructed SQL injection attack. One of the main problems that I personally have had with protecting my applications against SQL injection attacks is the process of prevention while coding out an application. Prepared statements are a very effective tool for preventing SQL injection attacks. The problem with prepared statements is that they are laborious and require many sets of parameter arrays to be constructed in order to map your data to the SQL statements. This is a long, laborious and tedious way to code SQL.

This leads me to one of the main reasons a firewall is ineffective in many cases: the attacker uses injection methods in which the malicious code is written with syntax that circumvents the firewall. The firewall checks the SQL text against a pre-made blacklist of SQL signatures; anything that matches is flagged and not allowed to pass. But as attackers become more adept at finding different code structures that bypass these systems, they become more efficient and more effective at creating payloads that pass even the most dependable firewall. In essence, it is human ingenuity and the nuances of SQL syntax that allow these firewall systems to be bypassed.
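The three points above (injection through string concatenation, the prepared-statement fix, and a signature blacklist that a reworded payload slips past) as one added example. This is not code from the original paper: the in-memory SQLite table, the two user rows, the `login_*` functions and the two blacklist patterns are all constructed for the illustration.

```python
import re
import sqlite3

# Constructed in-memory sample database; the table and rows are invented for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "battery-staple")])
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation, so user input becomes SQL syntax."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]

def login_prepared(conn, username, password):
    """Same query as a prepared statement: the driver binds the values to the
    placeholders after the statement has been parsed, so quotes, OR and --
    in the input are only data and never change the query's structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]

# Hypothetical blacklist of the kind a signature-based SQL firewall uses
# (both patterns are invented for the example).
BLACKLIST = [
    re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),   # the classic ' OR '1'='1
    re.compile(r"union\s+select", re.IGNORECASE),
]

def firewall_allows(value):
    """True when no blacklisted signature appears in the input."""
    return not any(p.search(value) for p in BLACKLIST)

def login_behind_firewall(conn, username, password):
    """The vulnerable code unchanged, with the signature blacklist in front of it."""
    if not (firewall_allows(username) and firewall_allows(password)):
        return []  # request blocked by the firewall
    return login_vulnerable(conn, username, password)

if __name__ == "__main__":
    conn = make_db()
    classic = "' OR '1'='1"
    variant = "' OR 1=1 --"      # same effect, different spelling: not in the blacklist
    print(login_vulnerable(conn, classic, classic))      # ['alice', 'bob']
    print(login_prepared(conn, classic, classic))        # []
    print(login_behind_firewall(conn, classic, "x"))     # [] (blocked)
    print(login_behind_firewall(conn, variant, "x"))     # ['alice', 'bob'] (bypassed)
    print(login_prepared(conn, variant, "x"))            # []
```

Note that the parameterized query is no longer than the concatenated one: the placeholders replace the quoting and string joins, and the values are passed as a single tuple. The blacklist, by contrast, has to anticipate every spelling of the same payload (`'1'='1`, `1=1`, `2>1`, a trailing `--` comment), which is the cat-and-mouse game described above.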
This takes us into the second part of this paper, database monitoring and auditing. Database monitoring is the process of continuously watching the database systems in real time, or reviewing their activity after the fact, by sources external to the application: these may be people, separate tools, or in special circumstances the database itself. These usually external systems audit or monitor the activity of the database continuously or at timed intervals. Monitoring or auditing improves database security because it helps to find unusual or irregular database activity and can prevent the modification of certain data. It is an extra layer of security on top of the already implemented firewalls and the native security features of SQL or the database system.
It is very important to have audits and database monitoring in place. An extra set of eyes, or an extra set of checks, is always better than relying only on native defensive applications or native firewall applications for any system. Most database auditing systems provide forensic-level records of the system itself. They do this by aggregating all of the data produced by the firewalls and by the native security protections built into the SQL applications or SQL abstraction layers. By understanding the aggregate data from all sources going in and out of the database, the administrator can detect unusual activity and prevent it, either in real time or in the future. These are the reasons that database auditing and monitoring are very important.
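The monitoring described in the two paragraphs above, as an added example that is not part of the original paper: a small audit routine that reads database audit records, compares each one against a per-user baseline (expected client hosts, statement types and hours) and flags injection-like syntax, then aggregates the alerts per user. The log lines, the record format (`timestamp user host statement`), the `BASELINE` table and the detection patterns are all constructed for this illustration and do not correspond to any particular database product's audit format.

```python
import re
from datetime import datetime

# Constructed sample audit log (invented records, not real data).
# Record format assumed for the example: <timestamp> <db user> <client host> <statement>
AUDIT_LOG = """\
2024-03-02T09:00:01 app_svc 10.0.0.5 SELECT id, name FROM customers WHERE id = 42
2024-03-02T09:00:02 app_svc 10.0.0.5 SELECT id, name FROM customers WHERE id = 43
2024-03-02T09:05:10 reporting 10.0.0.9 SELECT COUNT(*) FROM orders
2024-03-02T09:07:00 app_svc 10.0.0.5 SELECT id, name FROM customers WHERE id = '' OR 1=1 --
2024-03-02T09:07:01 app_svc 10.0.0.5 SELECT id, name FROM customers WHERE id = 1 UNION SELECT username, password FROM users
2024-03-02T23:30:00 app_svc 10.0.0.5 SELECT id, name FROM customers WHERE id = 44
2024-03-02T23:30:05 app_svc 10.0.0.5 DROP TABLE audit_trail
2024-03-02T23:31:00 app_svc 198.51.100.7 SELECT id, name FROM customers WHERE id = 45
"""

# Hypothetical per-user baseline of normal behaviour, the kind a monitoring
# system learns from history or an administrator configures by hand.
BASELINE = {
    "app_svc":   {"hosts": {"10.0.0.5"}, "verbs": {"SELECT", "INSERT", "UPDATE"}, "hours": range(7, 20)},
    "reporting": {"hosts": {"10.0.0.9"}, "verbs": {"SELECT"}, "hours": range(0, 24)},
}

# Syntax that the application's own generated statements never contain.
INJECTION_PATTERNS = [
    (re.compile(r"\bor\s+\d+\s*=\s*\d+", re.IGNORECASE), "tautology"),
    (re.compile(r"\bunion\s+select\b", re.IGNORECASE), "UNION SELECT"),
    (re.compile(r"--|/\*|;"), "comment or statement terminator"),
]

RECORD_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")

def parse_record(line):
    """Split one audit record into its fields; None if it does not fit the format."""
    m = RECORD_RE.match(line)
    if not m:
        return None
    ts, user, host, stmt = m.groups()
    return {"ts": datetime.fromisoformat(ts), "user": user, "host": host, "stmt": stmt}

def audit(log_text):
    """Return (record number, reason) pairs for every record that deviates from the baseline."""
    alerts = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_record(line)
        if rec is None:
            alerts.append((n, "unparseable audit record"))
            continue
        base = BASELINE.get(rec["user"])
        if base is None:
            alerts.append((n, f"unknown database user {rec['user']}"))
            continue
        for pattern, label in INJECTION_PATTERNS:
            if pattern.search(rec["stmt"]):
                alerts.append((n, f"injection-like syntax ({label})"))
        verb = rec["stmt"].split(None, 1)[0].upper()
        if verb not in base["verbs"]:
            alerts.append((n, f"statement type {verb} not in baseline for {rec['user']}"))
        if rec["host"] not in base["hosts"]:
            alerts.append((n, f"unexpected client host {rec['host']}"))
        if rec["ts"].hour not in base["hours"]:
            alerts.append((n, f"activity at {rec['ts']:%H:%M} outside baseline hours"))
    return alerts

def alerts_by_user(log_text):
    """Aggregate view: how many alerts each database user generated."""
    counts = {}
    records = log_text.splitlines()
    for n, _reason in audit(log_text):
        rec = parse_record(records[n - 1])
        user = rec["user"] if rec else "?"
        counts[user] = counts.get(user, 0) + 1
    return counts

if __name__ == "__main__":
    for n, reason in audit(AUDIT_LOG):
        print(f"record {n}: {reason}")
    print(alerts_by_user(AUDIT_LOG))
```

The first two checks (injection-like syntax, statement type) catch the attack as it happens; the host and hours checks catch the after-effects, such as a stolen credential being used from a new address at night, which is the kind of activity only a view across all records reveals. Run against the sample log, records 1 to 3 pass and records 4 to 8 each raise at least one alert.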