The first line of defense against SQL injection is good coding practice. Developers should rely on well-tested database libraries rather than assembling SQL statements from user input by hand. That prevents the vulnerability from arising in the first place.
Penetration testing is valuable for catching vulnerabilities. Testing every form field with SQL injection attempts will catch many flaws before the code is released to the public.
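The two points above side by side, as an added example (not Quttera's code, and not from any real application): a lookup that concatenates user input into the statement next to the same lookup using the driver's parameter binding, plus the kind of pre-release check that shows the difference. The table, the rows and the probe string are constructed for the demonstration; SQLite is used only because it needs no server.

```python
import sqlite3

# Constructed sample data for the demonstration (not from any real system).
USERS = [
    ("alice", "hash-of-alice-password", "alice@example.com"),
    ("bob", "hash-of-bob-password", "bob@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password_hash TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the statement is built by string concatenation, so
    whatever the user typed is parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """SAFE: the value is bound by the driver; it is never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# A tautology probe of the sort a pre-release form-field test would submit.
PROBE = "x' OR '1'='1"


def rows_leaked(lookup) -> int:
    """Run one lookup function against the probe input and report how many
    rows come back. No user is literally named PROBE, so the correct
    answer is 0; anything else means the input changed the query."""
    conn = make_db()
    return len(lookup(conn, PROBE))


if __name__ == "__main__":
    print("unsafe lookup leaked", rows_leaked(find_user_unsafe), "rows")
    print("safe lookup leaked", rows_leaked(find_user_safe), "rows")
```

The check is the whole point of the penetration-testing step: a release gate that calls `rows_leaked` for every lookup function and fails on any non-zero count catches this class of flaw before the code reaches the public.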
Database accounts should run with only the privileges needed for the job. For example, a Web application normally doesn't need to create or delete tables or to shut down the database, so it should use an account that can't do these things.
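A runnable illustration of that least-privilege boundary, added here and not part of the original page. SQLite has no user accounts, so the example uses the `set_authorizer` hook of Python's `sqlite3` module to stand in for the restricted account a server database would get through `GRANT`: a separate privileged step creates the schema, and the web application's connection is then limited to reading and writing its own table. The `orders` table and its rows are constructed for the demonstration.

```python
import sqlite3

# Tables the web application is allowed to touch (constructed example).
APP_TABLES = {"orders"}


def app_authorizer(action, arg1, arg2, db_name, source):
    """Authorizer for the application's connection. Plain SELECT and
    transaction control are fine; row-level reads and writes are allowed
    only on the application's own tables; everything else (CREATE, DROP,
    ALTER, PRAGMA, ...) is denied, which is the equivalent of an account
    that was never granted those rights."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_TRANSACTION):
        return sqlite3.SQLITE_OK
    if action in (sqlite3.SQLITE_READ, sqlite3.SQLITE_INSERT,
                  sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE) \
            and arg1 in APP_TABLES:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def admin_setup() -> sqlite3.Connection:
    """Schema creation belongs to a privileged migration step, not to the
    account the web application runs under."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, item TEXT)")
    conn.execute("INSERT INTO orders (item) VALUES ('widget')")
    return conn


def as_app(conn: sqlite3.Connection) -> sqlite3.Connection:
    """Hand the connection to the application with its privileges reduced."""
    conn.set_authorizer(app_authorizer)
    return conn


def try_statement(conn: sqlite3.Connection, sql: str) -> str:
    """Execute one statement and report whether the privilege boundary
    allowed it. A denied statement raises sqlite3.Error ('not authorized')."""
    try:
        conn.execute(sql)
        return "allowed"
    except sqlite3.Error:
        return "denied"


def order_count(conn: sqlite3.Connection) -> int:
    # len(fetchall()) rather than COUNT(*): SQL functions are a separate
    # authorizer action that the application connection does not need.
    return len(conn.execute("SELECT id FROM orders").fetchall())


if __name__ == "__main__":
    app = as_app(admin_setup())
    for stmt in ("SELECT item FROM orders",
                 "INSERT INTO orders (item) VALUES ('gadget')",
                 "DROP TABLE orders",
                 "CREATE TABLE scratch (x INTEGER)"):
        print(f"{try_statement(app, stmt):7s} {stmt}")
    print("orders still present:", order_count(app))
```

Even if an injection flaw slipped past the coding and testing steps, a connection restricted this way cannot drop tables or create new ones; the damage is bounded to what the application legitimately does with its own data.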
Databases should encrypt their most sensitive fields. If an attacker exports them, the thieves get only encrypted credit card numbers and, hopefully, cannot crack them.
SQL injection vulnerabilities are often found and fixed after the initial release, so administrators should keep their software up to date with all security patches. This helps protect websites against vulnerabilities of all kinds.
Sometimes these risks go uncaught for a while, but having a web application firewall (WAF) will stop attackers from exploiting them. The Quttera WAF checks all incoming HTTP requests and blocks SQL injection and other malicious packets. The WAF is available as part of Quttera's comprehensive ThreatSign website protection service. With ThreatSign working for you, your database is safer and your business will run into fewer problems.