WebApp Sec mailing list archives

Re: Essentials for understanding and preventing sql injection


From: Kraig Babin <kmbabin () gmail com>
Date: Thu, 1 Apr 2010 09:30:55 -0300

A good place to start with a few examples and links to numerous other
resources: http://www.owasp.org/index.php/SQL_Injection

To understand SQL injection you should understand how SQL works, at
least at a high level. Attackers use knowledge of how SQL statements
get processed and provide input that changes what the statement tells
the server to do (invalidate the beginning of the SQL query, execute
the query the user provides, ignore the rest).

Using stored procedures, parametrized queries and input
sanitizing/escaping/validating (server side, not client side) are all
common and effective methods of preventing or minimizing the risk of
SQL injection. Those would be good things to research once you have an
understanding of SQL.

Kraig

On Sat, Mar 27, 2010 at 7:30 AM, a bv <vbavbalist () gmail com> wrote:

Hi,

For a non web/database/programming person, what are the essentials
for understanding and preventing sql injection (for both encrypted and
non-encrypted traffic)? Can you also recommend online/offline resources
for these?

Regards



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------




--
[K]




