Defending Against the Exploitation of SQL Vulnerabilities to Compromise a Network
Abstract: United States Critical Infrastructure faces a significant risk from the exploitation of Structured Query Language (SQL) injection vulnerabilities. If executed successfully, an SQL injection may allow for the compromise of confidentiality, integrity, and availability of a database and its contents, an outcome that may carry a high cost in system recovery and reconstitution, data restoration, downtime, regulatory penalties, and negative publicity. Due to the manageable level of complexity of SQL injection, the array of freely available tools that automate the exploitation process, and the technique’s demonstrated potential for impact, malicious cyber actors will continue relying on SQL injection vulnerabilities in public-facing websites as a means of gaining access to critical infrastructure systems and networks.
Date Published: 23 July 2014
Last Reviewed: 15 June 2015
Identifier: MIT-006FS-2014
Dissemination Control: N/A
Length: 14 page(s)
Format: pdf
Type: Reference/Overview; Factsheet
Tags: Defend; Exploitation; Structured Query Language - SQL; Vulnerability; Compromised Network; Network; Critical; Infrastructure; Security; Risk; Operating Systems - OS; Interest; Database Management System - DBMS