CEH v9 Question of the Week: SQL Injection

What is one of the best defenses against SQL injection?

A. Snort signatures
B. Firewall
C. Web and database design
D. HIDS

Reveal Answer

The correct answer is C.

Firewalls provide little or no defense against SQL injection attacks because web sites require constant access to the database. Your website is public and firewalls must be set to allow every site visitor access to your database, usually over port 80/443.

The most commonly used SQL injection defense is made up of two components. First there is routine updating and patching of all servers, services and applications which of course has many advantages and is common practice. Then there is producing and using well written and well tested website code that disallows unexpected SQL commands.

 

Related Course
Certified Ethical Hacker v9

CEH v9 Question of the Week Series

• CEH v9 Question of the Week: Retina Scanners
• CEH v9 Question of the Week: Employee Behavior
• CEH v9 Question of the Week: CVE-2007-2447
• CEH v9 Question of the Week: SQL Injection
• CEH v9 Question of the Week: Web Application Penetration Testing
• CEH v9 Question of the Week: iptables
• CEH v9 Question of the Week: Examine Streams of Packets
• CEH v9 Question of the Week: Scans
• CEH v9 Question of the Week: SQL Injection

from
CERTIVIEW