SQL injection Occur when someone ( Hackers ) Writing Web application code that access to your database this code contain special format.
As DBA you need to understand who access to database and corporate with developers and make sure they are connect in secure way. and Use good SQL statement to avoid SQL injection, because of this Don’t relay on your firewall always make sure you secure your database and your code before start working on firewall, i am not saying here firewall will not protect your database yes it will but don’t forget now these days we have devices and complex network wireless, IPAD , Mobiles , Devices and Laptop are connected to your network, so in that case firewall will not protect you 100%, secure for better reasons 🙂
Users connect to database using Listener, Even database is down and listener is up user can still open connection to database ( which is caused the problem ) you can access to the server because there is no authentication way in listener, lot of examples on this type of attackes.
to solve this issue you need to Patch & patch OS and Database to ensure all security bugs and fixed.
there’s different type of oracle vulnerabilities Buffer overflow , listener issues , misunderstanding configuration and PL/SQL which indicate to SQL injection. most of our fears is not outside hackers/attacker it’s internally such as employee, hacking lessons online on internet and free everyone want to try it where mostly in work, in 2008 reports indicate that 26% of hacking issues happened because employee ignorant.
Company ignore security side because Resource such as money and consultant but they will not do that after they get hacked and lose everything data and customer information.
Most of the company has network administrator and system administrator so if you secure OS & network well your database will be secure.