0 votes

What should an incident handler do (or follow) when an SQL injection attack is reported?

  1. Initial Response
  2. Analysis
  3. Action

I am aiming to make a procedure guide for myself and my team to follow. Brief or detailed, anything would help.

1 · Better suited for Security SE. – Gumbo
I'm voting to close this question as off-topic because it belongs on Security.StackExchange. – AHiggins

1 Answer

0 votes

Not a full process, but it should get you started:

  • Initial Response

    • Verify that the reported vulnerability is legitimate, preferably in a production-safe manner
    • See the OWASP SQL Injection Testing guide for more information on how to do this
  • Analysis

    • Determine the cause of the SQL Injection
    • This is probably a location where user input is directly concatenated into a SQL query
  • Action

    • The best defense against SQL Injection is to utilize parameterized/prepared statements instead of direct string concatenation when building a query based on user input.
    • These statements provide a clear divide between data and syntax, so that user input is never treated as SQL syntax but instead treated as data
    • How you do this will depend on the language and framework used in your application
    • See the OWASP SQL Injection Prevention Cheat Sheet for more information on preventing SQL injection
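The "Analysis" and "Action" steps above, as an added example that is not part of the original answer: a hypothetical user lookup written two ways against a constructed in-memory SQLite database. `lookup_vulnerable` concatenates the input into the query text (the cause the answer says to look for), while `lookup_parameterized` passes the value through a bound parameter so it is always treated as data. The `demo` helper runs the same probe input (a single quote followed by a tautology, which should match no user) through both and counts the rows returned, which is the kind of minimal check an incident handler can use to confirm the vulnerability against a test copy before touching production. All table names, data and function names are assumptions for the example.

```python
import sqlite3


def build_db():
    """Constructed sample database for the example (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable form: user input becomes part of the SQL syntax.

    A quote character in `username` closes the string literal, so the rest of
    the input is parsed as SQL. An ordinary name like o'brien also breaks the
    query, which is often the first symptom that gets reported.
    """
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Hardened form: the value is bound by the driver and never parsed as SQL.

    The query text is fixed; `username` travels separately, so a quote or a
    tautology inside it is compared literally against the column.
    """
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo(probe="' OR '1'='1"):
    """Run one probe through both forms and return the row counts.

    The probe matches no real username, so a correct lookup returns 0 rows.
    The concatenated version returns every row because the tautology is
    evaluated as SQL; that difference is the evidence that the reported
    vulnerability is legitimate.
    """
    conn = build_db()
    vulnerable_rows = len(lookup_vulnerable(conn, probe))
    parameterized_rows = len(lookup_parameterized(conn, probe))
    return {
        "vulnerable_rows": vulnerable_rows,
        "parameterized_rows": parameterized_rows,
        "injectable": vulnerable_rows > parameterized_rows,
    }


if __name__ == "__main__":
    print(demo())
```

Running the module prints `{'vulnerable_rows': 2, 'parameterized_rows': 0, 'injectable': True}`: the concatenated query leaks every user while the parameterized one correctly finds none. The same two functions also illustrate the data/syntax divide the answer describes: `lookup_parameterized(conn, "o'brien")` simply returns no rows, whereas the vulnerable form raises a syntax error on the apostrophe.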