WebApp Sec mailing list archives
WASC-Articles Announcement: "The Unexpected SQL Injection" by Alexander "Mordred" Andonov
From: announcements () webappsec org
Date: Mon, 17 Sep 2007 02:37:00 -0400 (EDT)
WASC is proud to present a new WASC-article titled "The Unexpected SQL Injection" by Alexander "Mordred" Andonov. This article surveys several scenarios under which SQL injection may occur, even though mysql_real_escape_string() has been used. There are two major steps at writing SQL injection resistant code: correct validation and escaping of input and proper use of the SQL syntax. Failure to comply with any of them may lead to compromise. Many of the specific issues are already known, but no single document mentions them all. Although the examples in the paper make use of PHP/MySQL, the same principles apply to ASP/MSSQL and other combinations of languages and databases. The paper can be found in http://www.webappsec.org/projects/articles/091007.shtml Regards, The WASC-Articles team http://www.webappsec.org/projects/articles/ http://www.webappsec.org/ The Web Application Security Consortium ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe --------------------------------------------------------------------------
Current thread:
- WASC-Articles Announcement: "The Unexpected SQL Injection" by Alexander "Mordred" Andonov announcements (Sep 18)