Information Security Officer Question:

Do you know how an institute or a company can safeguard itself from SQL injection?

Answer:

An organization can rely on the following methods to guard itself against SQL injection:

☛ Sanitize user input: User input should never be trusted; it must be validated and sanitized before it is used in a query.
☛ Stored procedures: These can encapsulate the SQL statements and treat all input as parameters rather than as part of the statement text.
☛ Regular expressions: Detecting and rejecting harmful input before the SQL statement is executed.
☛ Database connection user access rights: Only the necessary, limited access rights should be granted to the accounts used to connect to the database.
☛ Error messages: Error messages should not be specific about where exactly the error occurred; they should be more generalized so that no database details are exposed.
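As an added example (not part of the original answer), the following Python code contrasts a query built by string concatenation with one that binds user input as a parameter, adds an allow-list check, and returns only a generic error to the caller. It assumes Python's built-in sqlite3 module and a constructed in-memory table.

```python
import re
import sqlite3

# Constructed in-memory sample table; not taken from the original page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash1"), ("o'brien", "hash2")])
    return conn

# Allow-list of acceptable username characters (validation, not a blocklist).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_'.-]{1,32}$")

def count_concatenated(conn, username):
    # Vulnerable form: the value is spliced into the SQL text, so any quote
    # character in it changes the structure of the statement itself.
    sql = f"SELECT COUNT(*) FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone()[0]

def count_parameterized(conn, username):
    # Hardened form: the '?' placeholder makes the driver bind the value as
    # data, so a quote in the input is just part of the string being compared.
    row = conn.execute("SELECT COUNT(*) FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row[0]

def lookup(conn, username):
    """Validate the input, query with a bound parameter, and never expose
    the driver's own error text to the caller."""
    if not USERNAME_RE.match(username):
        return "invalid username"
    try:
        return count_parameterized(conn, username)
    except sqlite3.Error:
        # Generic message for the client; the detail belongs in server-side logs.
        return "lookup failed"
```

A legitimate name containing an apostrophe breaks the concatenated query outright, while the parameterized version returns the correct count.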
