Defending Against the Exploitation of SQL Vulnerabilities to Compromise a Network

Abstract: United States Critical Infrastructure faces a significant risk from the exploitation of Structured Query Language (SQL) injection vulnerabilities. If executed successfully, an SQL injection may allow for the compromise of confidentiality, integrity, and availability of a database and its contents; an outcome that may carry a high cost in system recovery and reconstitution, data restoration, downtime, regulatory penalties, and negative publicity. Due to the manageable level of complexity of SQL injection, the array of freely available tools that automate the exploitation process, and the techniques’ demonstrated potential for impact, malicious cyber actors will continue relying on SQL injection vulnerabilities in public facing websites as a means of gaining access to critical infrastructure systems and networks.

Date Published:

Last Reviewed: 15 June 2015

Identifier: MIT-006FS-2014

Creator:

Dissemination Control: N/A

Length: 14 page(s)

Format: pdf

Type: Reference/Overview; Factsheet

Tags: Defend; Exploitation; Structured Query Language - SQL; Vulnerability; Compromised Network; Network; Critical; Infrastructure; Security; Risk; Operating Systems - OS; Interest; Database Management System - DBMS