According to Wysopal and others, there are several measures companies can take to limit their exposure to SQL injection vulnerabilities. One involves a code review of all Web applications to identify input validation errors. Companies need to identify such coding flaws and ensure that a Web form only accepts legitimate input. can also be useful in protecting against SQL injection attacks, though they must be tuned properly to automatically block malicious traffic while permitting legitimate traffic to get through.

Hardening the underlying database and ensuring that the Web application connecting to it has limited access are also helpful in fending off attacks, Wysopal said.