Security Basics mailing list archives
Re: Test for SQL Injection
From: Adriel Desautels <adriel () netragard com>
Date: Mon, 27 Oct 2008 13:08:38 -0400
Michael,

The best way to protect against SQL Injection attacks is to use Parameterized Stored Procedures. If you take a look at http://www.owasp.org and search for SQL Injection you'll get everything you need. With respect to testing, you can either do it manually (which I like) or you can use something like sqlninja. I don't recommend testing for SQL Injection issues unless you know what you are doing because you can corrupt data.
On Oct 26, 2008, at 2:59 PM, Michael Condon wrote:
What are some open source utilities I can use to test a web page for SQL Injection vulnerability (MySQL), and what coding practices can be implemented to prevent the exploit?
--
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

------------------------------------------------
Netragard, LLC - "The Specialist in Anti-Hacking"

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn
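Added example, not part of the original post or thread: what "parameterized" means for a MySQL stored procedure, with a procedure that concatenates its argument into the statement text beside two that bind it as a value. The table, procedure and variable names are hypothetical, the rows and the test value are constructed, and `DELIMITER` assumes the mysql command-line client.

```sql
-- Constructed schema and rows for illustration (MySQL).
CREATE TABLE users (
  id    INT AUTO_INCREMENT PRIMARY KEY,
  name  VARCHAR(64)  NOT NULL,
  email VARCHAR(128) NOT NULL
);
INSERT INTO users (name, email) VALUES
  ('alice', 'alice@example.test'),
  ('bob',   'bob@example.test');

DELIMITER //

-- Weak: being a stored procedure is not a defence by itself. The argument
-- is concatenated into the statement text, so any quote character in
-- p_name ends the string literal and the rest is parsed as SQL.
CREATE PROCEDURE find_user_concat(IN p_name VARCHAR(64))
BEGIN
  SET @q = CONCAT('SELECT id, email FROM users WHERE name = ''', p_name, '''');
  PREPARE stmt FROM @q;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END//

-- Parameterized: the statement is static and p_name is only ever used
-- as a value in the comparison, never as statement text.
CREATE PROCEDURE find_user(IN p_name VARCHAR(64))
BEGIN
  SELECT id, email FROM users WHERE name = p_name;
END//

-- Parameterized dynamic SQL: when a statement has to be prepared at run
-- time, keep the text constant and pass the value through a ? placeholder.
CREATE PROCEDURE find_user_dynamic(IN p_name VARCHAR(64))
BEGIN
  SET @name = p_name;
  PREPARE stmt FROM 'SELECT id, email FROM users WHERE name = ?';
  EXECUTE stmt USING @name;
  DEALLOCATE PREPARE stmt;
END//

DELIMITER ;

-- Constructed test value containing quote characters; compare the result sets.
SET @input = 'x'' OR ''1''=''1';
CALL find_user_concat(@input);
CALL find_user(@input);
CALL find_user_dynamic(@input);
```

With this value `find_user_concat` matches every row, while `find_user` and `find_user_dynamic` match none because the whole string is compared against `name`. The application must also bind the argument when it issues the `CALL` (for example `CALL find_user(?)` through a prepared statement) instead of concatenating user input into the call text.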