Use MSSQL/PL-SQL Stored Procedures, limit what and who has access to the stored procedures and associated tables. Perform code reviews, check that string, interger, etc. types are declared in the code and perform error checking. Patch and set IDS/IPS SQL-Injection signatures to High and send alerts , set IPS drop malicious packets and alert.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/660/2323#2323