OBJECTIVE 05 — SQL INJECTION COUNTERMEASURES
CEH CORE DEFINITION (MEMORIZE)
| Item | Memorize |
|---|---|
| SQL Injection Countermeasures | Security controls implemented to prevent attackers from injecting malicious SQL code into queries |
ROOT CAUSE OF SQL INJECTION (EXAM STATEMENT)
| Root Cause |
|---|
| Lack of proper input validation and unsafe dynamic SQL query construction |
MEMORY HOOK:
Dynamic SQL = danger
PRIMARY SQL INJECTION PREVENTION TECHNIQUES
1. PARAMETERIZED QUERIES (MOST IMPORTANT)
DEFINITION
| Item | Memorize |
|---|---|
| Parameterized Query | A query where SQL logic is separated from user input |
WHY IT WORKS
| Reason |
|---|
| User input treated as data |
| SQL structure cannot be altered |
EXAM NOTE
| Item |
|---|
| Most effective SQL injection prevention |
MEMORY HOOK:
Code ≠ Data
2. PREPARED STATEMENTS
DEFINITION
| Item | Memorize |
|---|---|
| Prepared Statement | SQL statement compiled once and executed multiple times with different parameters |
ADVANTAGES
| Advantage |
|---|
| Prevents injection |
| Improves performance |
TECHNOLOGIES SUPPORTING IT
| Technology |
|---|
| Java |
| PHP |
| .NET |
| Python |
MEMORY HOOK:
Prepare once, execute safely
3. STORED PROCEDURES
DEFINITION
| Item | Memorize |
|---|---|
| Stored Procedure | Precompiled SQL code stored in the database |
SECURITY NOTE (EXAM TRAP)
| Statement | Correct |
|---|---|
| Stored procedures always safe | NO |
| Safe only if parameterized | YES |
MEMORY HOOK:
Stored ≠ secure
4. INPUT VALIDATION
DEFINITION
| Item | Memorize |
|---|---|
| Input Validation | Ensuring user input matches expected format |
TECHNIQUES
| Technique |
|---|
| Whitelisting |
| Length checking |
| Type checking |
EXAM NOTE
| Item |
|---|
| Whitelisting > blacklisting |
MEMORY HOOK:
Allow known good only
5. ESCAPING
PURPOSE
| Purpose |
|---|
| Neutralize special characters in user input |
LIMITATION (EXAM TRAP)
| Item |
|---|
| Escaping alone is NOT sufficient |
MEMORY HOOK:
Escape helps, not enough
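Added example (Python with the standard-library sqlite3 module, not part of the CEH material): the root cause beside countermeasures 1 and 4. `lookup_dynamic` splices the input into the SQL text, `lookup_parameterized` binds it as a parameter so it stays data, and `is_valid_username` applies an allow-list before any query. The `users` table, its rows and the allow-list pattern are assumptions constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (hypothetical users).
SEED = [("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
        ("o'neil", "oneil@example.com")]


def make_db():
    """Fresh in-memory database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED)
    return conn


def lookup_dynamic(conn, username):
    """Root cause: input becomes part of the SQL text, so a quote can change the query's structure."""
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Countermeasure 1: the SQL logic is fixed; the driver binds the value, so it is only data."""
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Countermeasure 4: allow-list of known-good characters plus a length limit (assumed policy).
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def is_valid_username(username):
    """Whitelist validation: accept only inputs that fully match the expected format."""
    return USERNAME_RE.fullmatch(username) is not None


def compare(username):
    """Run both lookups on a fresh database; a dynamic-SQL failure is reported as 'ERROR'."""
    conn = make_db()
    try:
        dynamic = lookup_dynamic(conn, username)
    except sqlite3.OperationalError:  # the quote broke the query (e.g. a legitimate o'neil)
        dynamic = "ERROR"
    return dynamic, lookup_parameterized(conn, username)


if __name__ == "__main__":
    for name in ("alice", "o'neil", "alice' OR '1'='1"):
        print(repr(name), "valid:", is_valid_username(name), "dynamic/parameterized:", compare(name))
```

The quoted tautology input turns the dynamic query into "return every row", while the parameterized query simply finds no user with that literal name; the legitimate apostrophe in `o'neil` breaks the dynamic query but works when bound.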
6. LEAST PRIVILEGE
DEFINITION
| Item | Memorize |
|---|---|
| Least Privilege | Granting minimum database permissions |
IMPLEMENTATION
| Practice |
|---|
| Application never connects as a DB admin user |
| Separate read/write users |
MEMORY HOOK:
Less privilege, less damage
7. WEB APPLICATION FIREWALL (WAF)
ROLE
| Role |
|---|
| Detect and block SQL injection payloads |
LIMITATION
| Limitation |
|---|
| Can be bypassed using evasion techniques |
MEMORY HOOK:
WAF ≠ silver bullet
SQL INJECTION TOOLS
| Tool | Purpose |
|---|---|
| sqlmap | Automated SQL injection exploitation |
| Havij | Automated SQL injection |
| jSQL Injection | Java-based SQL injection tool |
| SQLninja | MSSQL exploitation |
| BBQSQL | Blind SQL injection |
SQLMAP
PURPOSE
| Purpose |
|---|
| Detect and exploit SQL injection |
SQLMAP CAPABILITIES
| Capability |
|---|
| Detect injection |
| Enumerate DB |
| Dump data |
| Execute OS commands |
BASIC SQLMAP COMMAND STRUCTURE (RECOGNITION)
| Structure |
|---|
| sqlmap -u [options] |
IMPORTANT SQLMAP OPTIONS (EXAM)
| Option | Purpose |
|---|---|
| -u | Target URL |
| --dbs | List databases |
| --tables | List tables |
| --columns | List columns |
| --dump | Dump data |
| --os-shell | OS shell |
MEMORY HOOK:
sqlmap = automate everything
OTHER SQL INJECTION TOOLS
| Tool | Specialty |
|---|---|
| Havij | GUI-based SQLi |
| SQLninja | MSSQL focus |
| jSQL | Cross-platform |
| BBQSQL | Blind SQLi |
SQL INJECTION PREVENTION CHECKLIST (EXAM GOLD)
| # | Control |
|---|---|
| 1 | Use parameterized queries |
| 2 | Use prepared statements |
| 3 | Validate input |
| 4 | Use least privilege |
| 5 | Hide error messages |
| 6 | Patch DBMS |
| 7 | Deploy WAF |
FINAL MODULE 15 MEMORY BLOCK
OBJECTIVES
| Objective | Status |
|---|---|
| Concepts | Covered |
| Types | Covered |
| Methodology | Covered |
| Evasion | Covered |
| Countermeasures | Covered |
| Tools | Covered |
CORE MEMORY HOOK
Inject → Enumerate → Extract → Evade → Prevent
MODULE 15 STATUS
| Item | Status |
|---|---|
| Pages covered | 100% |
| Concepts skipped | 0 |
| Tools skipped | 0 |
| Exam alignment | Exact |
MODULE 15 COMPLETE
Next available modules:
- Module 16 – Hacking Wireless Networks
- Module 17 – Hacking Mobile Platforms
- Rapid SQLi exam drills
- One-page SQLi memory sheet