6 SQL injection (and other injections)

This chapter covers

Learning how string concatenations lead to SQL injection
Understanding the consequences of SQL injection
Avoiding SQL injection with prepared statements
Using an OR (object-relational) mapper
Other types of injection attacks

In early March 2021, Ars Technica reported (see the following callout) that 70 GB of data was supposedly stolen from the infamous social media platform Gab. This data included passwords and other user data, private messages, and more. The reason: the code was vulnerable to SQL injection. This allowed an anonymous attacker to access and download this vast amount of data and to make it available to selected researchers.

note See http://mng.bz/gwAE for the initial ...

Get ASP.NET Core Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ASP.NET Core Security by Christian Wenz

6 SQL injection (and other injections)

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly