Thursday, November 26, 2015

Key Points to Block SQL Server Attacks

I was solving the SQL Server errors through the forums then I saw a discussion about the SQL attacks. That discussion was very good and it has given me the idea to write a blog on it. Well, this blog is about the easy techniques to prevent the SQL database from the corruption.

When someone talks about the SQL attack then, the first thing that comes in the mind is “SQL injection” and this is very popular known code injection technique to destroy the database. This attack is based on 1=1 is always true principle.Read more about SQL injection here. So, get ready to know about the few simple techniques to make your SQL Server database safe and secure.


  • Do not use dynamic SQL: use parameterized queries or stored procedures, prepared statements instead the normal statement whenever possible.
  • Update and Patch: In the specious situation just apply the patches and updates on the SQL Server database. 
  • Firewall: Always on the firewall to prevent the data from the malicious attack. A WAF (Web Application Firewall) is useful to provide the security before patch file is available.
  • Minimize your attack surface: Some options like xp_cmdshell become helpful for the hackers so try to avoid these options.
  • Encrypt the data: Never try to store the data in the plain text format. Manage the database with the tough password so that the hacker cannot dump the database and steal the information. 
  • Password Security: Don’t forget the basics i.e. change the password of the application accounts into database regularly. If you are unable to do it on the daily basis then change on the alternate days.
  • Understand the application: Just understand the behavior of the web application so you can easily identify when the application is behaving abnormally like using unusual inputs and executing many more database lookups (Attempt to retrieve data). 
  • Use validations: Always use validations on the input fields to prevent the database from the attack.

Always take care of these points to prevent the data from the corruption. If the corruption level is major and hard to handle then use Stellar Repair for MS SQL tool to repair the corrupt database. 

No comments:

Post a Comment