SQL injection attacks remain common and continue to cause problems for many organizations. There are some great methods to defend against SQL injection that every cyber security professional should be aware of. We will discuss the five best ways to defend against SQL injection attacks:

• The first method is to use a web application firewall. Modsecurity is an open-source version offered for free. Modsecurity works on Apache, Microsoft IIS, and nginx web servers.
• The second method is to suppress error messages. Hackers will often use error messages for reconnaissance. If the messages are at least kept local, it can prevent the hacker from learning too much about the structure of the database.
• The three method is to constantly monitor SQL statements from database-connected applications. It is important to constantly watch for malicious SQL statements so the attack can be mitigated before major damage is done to the database. There are several monitoring tools available to detect SQL injection attacks. Tools with behavioral analysis or machine learning can be the most useful.
• The fourth method is to use data sanitation. This method requires websites to filter all user input such as e-mails or phone numbers.
• The fifth method is to regularly apply software patches. Most SQL injection vulnerabilities are found within commercial software. Unpatched software is one of the easiest attack vectors for a hacker to use. It's critical to keep all software fully updated with the latest patches.