Chapter 3. Reviewing Code for SQL Injection

Solutions in this chapter:

▪ Reviewing Source Code for SQL Injection
▪ Automated Source Code Review
Summary
Solutions Fast Track
Frequently Asked Questions

Introduction

Often, the quickest way to find potential areas for SQL injection in an application is to review its source code. Also, if you are a developer who is not allowed to use SQL injection testing tools as part of your development process (not an uncommon situation in banks, and usually something for which you can be fired), it may be your only option.
Some forms of dynamic string building and execution are also clear from a quick review of code. What is often not clear is whether the data used in these queries is sourced from the user's ...
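The kind of quick review described above can be partly automated. The following is an added example, not code from the book: a line-based triage script that flags SQL statements built by concatenation, printf-style formatting or f-string interpolation, then pairs each flagged variable with a later `execute()` call on it. The sample source it scans is constructed for the example. It does not answer whether the interpolated values are user-controlled; that tracing is still the reviewer's job.

```python
import re

# Constructed sample source (not from the book): three dynamically built queries,
# one parameterized query, and one constant query, with two execute() sinks.
SAMPLE_SOURCE = '''\
query = "SELECT * FROM users WHERE name = '" + username + "'"
cursor.execute(query)
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
sql = "DELETE FROM sessions WHERE token = '%s'" % token
cursor.execute(sql)
cursor.execute("SELECT COUNT(*) FROM audit")
stmt = f"UPDATE accounts SET balance = {amount} WHERE id = {acct}"
'''

SQL_KEYWORDS = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE|DROP|EXEC|UNION)\b", re.I)
# Line-level patterns that indicate dynamic building rather than a constant literal.
DYNAMIC_PATTERNS = [
    (re.compile(r'"\s*\+\s*\w+|\w+\s*\+\s*"'), "string concatenation"),
    (re.compile(r'"\s*%\s*\(?\w'), "printf-style formatting"),
    (re.compile(r'\bf"'), "f-string interpolation"),
]
# execute(<bare variable>) is the sink we pair flagged assignments with.
EXEC_CALL = re.compile(r"\b(?:execute|executemany|query)\(\s*(\w+)\s*\)")
ASSIGN = re.compile(r"^\s*(\w+)\s*=")

def find_dynamic_sql(source: str) -> list[tuple[int, str, str]]:
    """Return (line_no, reason, line) for lines that build SQL dynamically."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        if not SQL_KEYWORDS.search(line):
            continue  # no SQL on this line, skip it
        for pattern, reason in DYNAMIC_PATTERNS:
            if pattern.search(line):
                findings.append((no, reason, line.strip()))
                break  # report the first matching construction only
    return findings

def dynamic_sql_reaching_sink(source: str) -> list[tuple[int, int]]:
    """Pair each flagged assignment with a later execute(<same variable>) call."""
    flagged = {}
    for no, _reason, line in find_dynamic_sql(source):
        m = ASSIGN.match(line)
        if m:
            flagged[m.group(1)] = no  # variable name -> line where it was built
    pairs = []
    for no, line in enumerate(source.splitlines(), start=1):
        m = EXEC_CALL.search(line)
        if m and m.group(1) in flagged:
            pairs.append((flagged[m.group(1)], no))
    return pairs
```

Running it on the sample flags lines 1, 4 and 7 and shows that the queries built on lines 1 and 4 reach `execute()` on lines 2 and 5; the f-string on line 7 is built but never executed in the sample, so it is flagged without a sink.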
