SQL Injection Defenses

Post on June 1st, 2008

Databases on the Web

SQL injection is a subset of the unverified/unsanitized user input class of vulnerability, and the idea is to convince the application to run SQL code that was not intended. If the application builds SQL strings naively on the fly and then executes them, it is straightforward for an attacker to create some real surprises.
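To make the point concrete, here is an added example (not from the original post or the linked guide) that puts a naively concatenated query beside its parameterized form, using a constructed in-memory SQLite table and Python's standard sqlite3 module:

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_naive(conn, name):
    # Vulnerable pattern: the user-supplied value becomes part of the SQL
    # text itself, so a quote character in the input changes the statement's
    # structure instead of being compared as data.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, name):
    # Hardened pattern: the statement is fixed and the value travels
    # separately as a bound parameter, so it can only ever be a string
    # literal compared against the name column.
    sql = "SELECT email FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def demo():
    # Runs both lookups with an ordinary name and with an input that
    # turns the naive WHERE clause into a tautology; returns the results
    # so the difference can be checked rather than just printed.
    conn = make_db()
    honest = "alice"
    tautology = "' OR '1'='1"
    return {
        "naive_honest": lookup_naive(conn, honest),
        "naive_tautology": lookup_naive(conn, tautology),
        "param_honest": lookup_parameterized(conn, honest),
        "param_tautology": lookup_parameterized(conn, tautology),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The naive version leaks every row for the tautology input, while the parameterized version simply finds no user with that literal name; the same bound-parameter API exists in every mainstream driver, which is why it is the first defense to reach for.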

For people who use databases behind web applications, the threat of attack is real no matter how small or large the database is. It doesn't matter which database product you use either (SQL Server, Oracle, MySQL, etc.).

As long as there are hackers out there, your data is at risk.

Here is a great guide (.pdf) written by Martin G. Nystrom that web developers, DBAs and even website owners can benefit from: it explains how data is exposed on the web and walks through some of the "defenses" that help prevent these attacks.
