Security Basics mailing list archives

Re: Test for SQL Injection


From: Adriel Desautels <adriel () netragard com>
Date: Mon, 27 Oct 2008 13:08:38 -0400

Michael,
The best way to protect against SQL Injection attacks is to use Parameterized Stored Procedures. If you take a look at http://www.owasp.org and search for SQL Injection you'll get everything you need. With respect to testing, you can either do it manually (which I like) or you can use something like sqlninja. I don't recommend testing for SQL Injection issues unless you know what you are doing because you can corrupt data.


On Oct 26, 2008, at 2:59 PM, Michael Condon wrote:

What are some open source utilities I can use to test a web page for SQL Injection vulnerability (MySQL), and what coding practices can be implemented to prevent the exploit?

--

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

------------------------------------------------
Netragard, LLC - "The Specialist in Anti-Hacking"

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn
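
Added example (not part of the original message): a MySQL illustration of the parameterized stored procedure approach recommended in the reply above, beside a procedure that stays injectable because it concatenates its parameter into dynamic SQL. The users table, its rows and the procedure names are assumptions constructed for illustration.

```sql
-- Constructed sample schema and rows (assumption, not from the thread).
CREATE TABLE users (
    id       INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(64)  NOT NULL UNIQUE,
    email    VARCHAR(255) NOT NULL
);
INSERT INTO users (username, email) VALUES
    ('alice',    'alice@example.test'),
    ('o''brien', 'obrien@example.test');

-- DELIMITER is a mysql client command; it lets the procedure bodies contain ';'.
DELIMITER //

-- Parameterized: p_username is only ever used as a value, never parsed as SQL.
CREATE PROCEDURE get_user(IN p_username VARCHAR(64))
BEGIN
    SELECT id, username, email FROM users WHERE username = p_username;
END//

-- Still injectable: being a stored procedure does not help once the
-- parameter is concatenated into the statement text before it is parsed.
CREATE PROCEDURE get_user_unsafe(IN p_username VARCHAR(64))
BEGIN
    SET @q = CONCAT('SELECT id, username, email FROM users ',
                    'WHERE username = ''', p_username, '''');
    PREPARE stmt FROM @q;
    EXECUTE stmt;
    DEALLOCATE PREPARE stmt;
END//

-- Dynamic SQL done safely: fixed statement text, value bound through USING.
CREATE PROCEDURE get_user_dynamic(IN p_username VARCHAR(64))
BEGIN
    SET @name = p_username;
    SET @q = 'SELECT id, username, email FROM users WHERE username = ?';
    PREPARE stmt FROM @q;
    EXECUTE stmt USING @name;
    DEALLOCATE PREPARE stmt;
END//

DELIMITER ;

-- Read-only check with a legitimate value that contains an apostrophe.
-- get_user and get_user_dynamic treat it as data; in get_user_unsafe the
-- apostrophe becomes part of the statement text, which is the defect.
CALL get_user('o''brien');
CALL get_user_dynamic('o''brien');
CALL get_user_unsafe('o''brien');
```

Running the three calls against a test copy of the database, not production, keeps the check in line with the data-corruption caveat in the reply.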



