WebApp Sec mailing list archives
Re: Esssentials for understanding and preventing sql injection
From: Kraig Babin <kmbabin () gmail com>
Date: Thu, 1 Apr 2010 09:30:55 -0300
A good place to start, with a few examples and links to numerous other resources: http://www.owasp.org/index.php/SQL_Injection

To understand SQL injection you should understand how SQL works, at least at a high level. Attackers use knowledge of how SQL statements get processed and provide input that changes what the statement tells the server to do (invalidate the beginning of the SQL query, execute a query the user provides, ignore the rest).

Stored procedures, parameterized queries and input sanitizing/escaping/validating (server side, not client side) are all common and effective methods of preventing or minimizing the risk of SQL injection. Those would be good things to research once you have an understanding of SQL.

Kraig

On Sat, Mar 27, 2010 at 7:30 AM, a bv <vbavbalist () gmail com> wrote:
Hi,

For a non-web/database/programming person, what are the essentials for understanding and preventing SQL injection (for both encrypted and non-encrypted traffic)? Can you also recommend online/offline resources for these?

Regards

This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
-- [K]