SECURITY

SQL Injection

Icreon values our clients and that includes special concern for the security of our clients' data. Though, difficult to adhere to at all times, we at Icreon have always maintained strict programming standards to safeguard our applications and especially the data underlying our applications.

One of the most common types of threat to data is through SQL injection. SQL stands for structured query language, a language meant to handle data. Through simple loopholes in the development of SQL query scripts, it is actually quite easy to manipulate data to serve an ulterior motive. Our database developers are experts in analyzing and catching such loopholes, which can potentially become disastrous in real time scenarios.

In simple words, when a user is supposed to enter data that directly affects the inner SQL query, the authentication of the data entered by the user decides whether the end results of the execution of that query will yield malicious consequences or not. If a malicious user identifies such a source of entering the system, he can seriously cause monumental damage.

Therefore, at Icreon no query is directly exposed to the user. We make sure that the data entered by the user is first authenticated at a separate location and once it passes our authentication test, is it allowed to be incorporated in the SQL query.

In a similar fashion as SQL injection, buffer overflows are also serious threat to applications developed in languages that have no boundary value checks on data stored in the memory such as C and C++. However the Icreon development engineers along with our team of database designers work closely to eliminate any threat to system memory where, data may get affected if malicious data attempts to overwrite them. Icreon's reputation in the industry is hugely due to the diligent protection provided to our applications and therefore to our clients.