Hardware, software and organizational means of protecting information system resources from unauthorized access by SQL injections

Free access

The article discusses hardware, software and organizational means of protecting the resources of a personal data information system from unauthorized access by SQL injection. The use of cloud storage as a place to store information implies a number of In accordance with Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”, the personal data information system (ISPDn) is understood as the set of personal data contained in databases together with the information technologies and technical means that ensure their processing. The analysis of the security of ISPDn resources with respect to unauthorized access (NSD) by SQL injection includes five conditional stages: collecting information in ISPDn, scanning ISPDn, gaining access to ISPDn, securing a foothold in ISPDn, and generating a report; at the same time, security analysis is always associated with unauthorized access to data. To prevent NSD by SQL injection, the following hardware and software solutions are proposed to minimize the consequences of unauthorized impact on ISPDn: a web application firewall for filtering malicious data; regular updates and patches; minimizing the use of administrator-level privileges; minimizing the information about the ISPDn database architecture disclosed in error messages; and continuous monitoring of SQL statements for injections from applications connected to the database.


SQL injection, security analysis, resource security, securing in the system, information system, personal data, access, information collection, scanning, resource protection tools, report generation, analysis stages

Short URL: https://sciup.org/148325178

IDR: 148325178   |   DOI: 10.18137/RNU.V9187.22.03.P.169

Scientific article