Have you heard of SQL injection?
SQL injection (SQLi) is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a web form input box (like a Contact form) to obtain access to resources or make changes to the data in your website. Many believe this vulnerability to be one of the oldest, most prevalent and most dangerous web application vulnerabilities.
SQL injection attacks can be used to:
- bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.
- add, modify and delete records in a database, affecting data integrity.
- obtain unauthorized access to sensitive data, including customer data, personally identifiable information (PII), trade secrets, intellectual property and other sensitive information.
- do almost anything the attacker wants with and from your website.
To avoid exposure to SQL injection, ensure you use a knowledgeable team or agency to develop your website. The code behind your website, if done correctly, can help minimise exploitation, while poorly written code leaves the door wide open for attack.
Additionally, you should secure your website by installing security patches as they are released. New versions of operating systems, third-party tools, database platforms and development platforms are released regularly to address new issues and to stop hackers from ambushing websites.
Our clients are protected by our Drupal Site Security package, which is used to patch critical security bugs as soon as practically possible after they are released.
If you would like more details on protecting your website investment, contact us and we will be happy to help.