Prevent SQL Injection by Using Runtime Protection
In this article, we will consider runtime protection to prevent SQL Injection that is deployable without recompiling the application’s source code. Mainly covered here are software plugins for Web Servers and application frameworks (For example .Net Framework, PHP, J2EE, etc.). The software solutions we will discuss are open-source (Free) and available for download on the Internet. Although there are many commercial solutions to Prevent SQL Injection, We will not cover this as commercial products.
Runtime protection is a tool / software for migrating and preventing exploitation of known SQL Injection vulnerabilities. Fixing the application’s source code is always an ideal solution. However, the required condition is not always feasible. Even if resources and time are available to fix the source code, runtime protection still be a good layer of security to detect and prevent exploitation of unknown SQL Injection vulnerablities. There’s also threat named “zero-day” exploit techniques as well as the latest SQL Injection worm transversing Internet. In this way, runtime protection not just act as reactive defense mechanism, but also proactive through securing an application.
Eventhough this kind protection provides many benefits, it’s costs too much. Depending on the solution, there are some level of peformance degradation aftereffect. When you consider a solution, especially a commercial one. It’s important to know about documented peformance statistics. The key to get the most out of runtime protection is a willingness to know the limitations of technology.
Web Application Firewalls to Prevent SQL Injection
There are many solution of using runtime protection. One of them is Web Application Firewalls (WAF). WAF is a software-based solution that adds security layer features to a web application. Spesifically, WAF can protect web application from SQL Injection.
Benefits of using software based WAFs are that HTTP/HTTPS communications are handled seamlessly, and the web application remains unchanged because they run inside application hosting process or inside the web. WAFs which based on appliance do not consume web server resources and they can protect multiple websites of varying technologies. But we will not cover that in this article. Although you can use some solutions as a network appliance when running on a reverse proxy server.
Using ModSecurity to Prevent Attack
The standard for WAFs is the open source ModSecurity. it is implemented as an apache module. However, it can protect any Web Application when apache is configured as a reverse proxy. You can use it for monitoring, intrusion detection, attack prevention, prevent SQL Injection and general application hardening.
You May Want to See :
-
How To Find SQL Injection Vulnerabilities Automatically
-
Protect Your Website Against XSS
-
Keep your computer up to speed
-
How to set up Web Server on Windows, Linux, and Mac Using Apache
-
Protect your Mail by Encryption
-
How To Secure Wireless Computer
-
How To Install Ubuntu Linux On Your Computer Or Laptop
-
Rooting with an Unlocked Boot Loader Android
-
8 Ways To Optimise Your Wordpress Site
-
Enable the Classic Windows Start Menu to Microsoft Windows 8
-
Simple Way to Encrypt Files
-
Forensics Analysis of SQLite Database
-
Finding Vulnerabilities In Network Systems
-
Simple Way to Connect Swift to PHP Code
-
Apache Rewrite Rules Guide
-
Improve Website Performance Through Caching
-
Set up a digital media library in Windows
-
How To Install MySQL on Linux, Windows, And Mac
-
Encoding Decoding Data Using PHP
-
Encrypt USB Flash or External Hard Disk Drives
-
Controlling PC From Android Tablet
Loading ...