Information Security Officer Question:
Download Questions PDF

Do you know how can an institute or a company can safeguard himself from SQL injection?


An organization can rely on following methods to guard themselves against SQL injection

☛ Sanitize user input: User input should be never trusted it must be sanitized before it is used
☛ Stored procedures: These can encapsulate the SQL statements and treat all input as parameters
☛ Regular expressions: Detecting and dumping harmful code before executing SQL statements
☛ Database connection user access rights: Only necessary and limited access right should be given to accounts used to connect to the database
☛ Error messages: Error message should not be specific telling where exactly the error occurred it should be more generalized.

Download Information Security Professional Interview Questions And Answers PDF

Previous QuestionNext Question
Tell me what is phishing? How it can be prevented?Tell me what is the difference between proxy, firewall, IDS and IPS?