Pete Finnigan's SQL Server Security Blog


12/12/2006: "SQL Injection, Are Your Web Applications Vulnerable?"


SQL Injection, Are Your Web Applications Vulnerable? - by SPI Dynamics

"SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general."