Security Basics mailing list archives
RE: Test for SQL Injection
From: "David Crandell" <david () onholdwizard com>
Date: Mon, 27 Oct 2008 11:37:41 -0500
I have used HP's scrawlr. To prevent attacks, validate input in your forms (server-side, not just with javascript) and make sure any querystring parameters are filtered or validated with server-side code before they are passed to the database.

Dave Crandell
Vice President, Information Systems
On Hold Media Group
972-758-1300
david () onholdwizard com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Condon
Sent: Sunday, October 26, 2008 1:59 PM
To: security-basics () securityfocus com
Subject: Test for SQL Injection

What are some open source utilities I can use to test a web page for SQL Injection vulnerability (MySQL), and what coding practices can be implemented to prevent the exploit?
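The server-side validation of querystring parameters recommended in the reply above, shown next to the unvalidated form it replaces. This is an added example, not part of the original post: the `products` table, the `id` and `sort` parameters and the validation rules are assumptions, Python's built-in `sqlite3` stands in for MySQL so the code runs offline, and the bound parameter in the validated version goes beyond what the reply mentions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for MySQL (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "hold music", 9.5), (2, "voice prompt", 4.0), (3, "jingle", 7.25)])
    return db

def lookup_unvalidated(db, params):
    # 'Before': the raw querystring value is concatenated into the SQL text,
    # so the value can change the structure of the statement.
    sql = "SELECT name FROM products WHERE id = " + params.get("id", "")
    return [row[0] for row in db.execute(sql)]

# Hypothetical validation rules for this example.
ID_RE = re.compile(r"[0-9]{1,9}")                  # short decimal id only
SORT_COLUMNS = {"name": "name", "price": "price"}  # allowlist for ORDER BY

def lookup_validated(db, params):
    # 'After': every parameter is checked server-side before it reaches the database.
    raw_id = params.get("id", "")
    # fullmatch() must consume the whole value, so trailing text or a newline fails.
    if not ID_RE.fullmatch(raw_id):
        raise ValueError("id must be 1-9 decimal digits")
    # Column names cannot be bound as parameters, so map the request value
    # through an allowlist instead of placing it in the SQL text directly.
    sort = SORT_COLUMNS.get(params.get("sort", "name"))
    if sort is None:
        raise ValueError("unsupported sort column")
    # The validated id is still passed as a bound parameter, never concatenated.
    sql = f"SELECT name FROM products WHERE id >= ? ORDER BY {sort}"
    return [row[0] for row in db.execute(sql, (int(raw_id),))]

if __name__ == "__main__":
    db = make_db()
    # Constructed querystring values: one well-formed, one malformed.
    for params in ({"id": "2", "sort": "price"}, {"id": "2 OR 1=1"}):
        try:
            print(params, "->", lookup_validated(db, params))
        except ValueError as err:
            print(params, "-> rejected:", err)
```
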