Select Website 

Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Back to Menu Back to Menu

How secure is your Recruitment website? Part 4 - SQL Injection

Posted By: Thomas Shaw, 11:17am Wednesday 19 August 2009    Print Article

Database security is a huge issue at the moment - imaging having your whole database stolen and distributed to your competitors or being used for identity theft? SQL Injection attacks present a serious threat to the security of a recruitment website and it is essential that adequate countermeasures are taken to prevent such an attack from being successful.

I briefly talked about a form of SQL injection in a previous article HTML Special Character #39 - The Apostrophe showing how easy it is to break a search form and how much the industry is in trouble.

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

Your recruitment database contains very sensitive user information including: passwords, bank details, tax file numbers, contact details, email address, date of birth, address etc. Even if you store your confidential data securely, you donít want anything to be accessible to anyone but yourself.

Itís somewhat shameful that there are so many successful SQL Injection attacks occurring, because it is EXTREMELY simple to avoid vulnerabilities in your code.

One of the most effective methods of preventing SQL injection from being used is to thoroughly validate EVERY SINGLE input from the user, by identifying all possible meta-characters which could be utilised by the database system and filtering them out.

Be proactive in computer security. A combination of security measures such as; validation, neutralizing meta-characters, restricting error messages and limiting access rights to the web server can be used to comprehensively protect your website.†

Don't think it will never happen to you.




Article URL: http://www.recruitmentdirectory.com.au/Blog/how-secure-is-your-recruitment-website-part-4-sql-injection-a250.html

Article Tags: hacking security job board recruitment websites malicious code sql injection insecure job search form testing apostrophe hack database security identity theft

Comments Hide Comments (0)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

Your Name: * Required
Your Email Address: * Required
Website URL:
Comments: * Required
Refresh
Enter the code you see in the image above (case sensitive). Click on the image to refresh it.
 


Back to Menu Back to Menu



Random Blog Articles

Favicon used with Google Sponsored Links
Published: 3:44pm Sunday 15 March 2009

Email Marketing Tips for Recruiters, Part 2 - Metrics
Published: 8:00pm Sunday 23 August 2009

Inspecht releases 21st Century Recruiting eBook
Published: 4:30pm Thursday 18 December 2008

MyCareer OTP Advertising
Published: 8:26pm Monday 15 June 2009

Is SEO important for individual job adverts?
Published: 6:33pm Wednesday 10 June 2009