Chapter 3

Reviewing Code for SQL Injection

Dave Hartley

Solutions in this chapter:

• Reviewing Source Code for SQL Injection

• Automated Source Code Review

Introduction

Often, the quickest way to find potential areas for SQL injection in an application is to review an application’s source code. Also, if you are a developer who is not allowed to use SQL injection testing tools as part of your development process (not an uncommon situation in banks, and usually something for which you can be fired) it may be your only option.

Some forms of dynamic string building and execution are also clear from a quick review of code. What is often not clear is whether the data used in these queries are sourced from the user’s browser, or whether they have ...
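As an added illustration (not code from the book or its author), the following Python demonstrates the two review questions the introduction raises: spotting SQL built by string concatenation, and deciding whether the concatenated value is sourced from the user. The `find_dynamic_sql` heuristic, the `USER_INPUT_SOURCES` list, the `SAMPLE_SOURCE` snippet and the tiny `accounts` table are all constructed for this example; the heuristic is deliberately simple (single-file, single-assignment taint) and is not a substitute for a real static analyser. The second half runs a concatenated query beside its parameterised form against an in-memory SQLite database to show why the reviewer cares: a perfectly legitimate name containing an apostrophe breaks the concatenated query but is handled correctly by the parameterised one.

```python
import re
import sqlite3

# Constructed sample of application source a reviewer might scan (hypothetical code).
SAMPLE_SOURCE = """\
user = request.args.get("user")
limit = 20
cur.execute("SELECT * FROM accounts WHERE name = '" + user + "'")
cur.execute("SELECT * FROM accounts WHERE name = ?", (user,))
cur.execute("SELECT * FROM logs LIMIT " + str(limit))
"""

# Assumed markers of user-controlled input for this example's taint heuristic.
USER_INPUT_SOURCES = ("request.", "argv", "input(", "os.environ")

# Assumed markers of dynamic string building inside an execute() call.
DYNAMIC_BUILD = re.compile(r"""["']\s*\+|\+\s*["']|%\s*\(|\.format\(|\bf["']""")


def find_dynamic_sql(source):
    """Return (line_no, variables, tainted) for every execute() whose SQL is
    assembled by concatenation or formatting. 'tainted' is True when one of the
    concatenated variables was assigned from a user-input source earlier in the file."""
    tainted = set()
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        assign = re.match(r"\s*(\w+)\s*=\s*(.+)", line)
        if assign and any(src in assign.group(2) for src in USER_INPUT_SOURCES):
            tainted.add(assign.group(1))
        if "execute(" not in line or not DYNAMIC_BUILD.search(line):
            continue
        # Identifiers immediately adjacent to a '+' (optionally wrapped in str()).
        names = set(re.findall(r"\+\s*(?:str\()?(\w+)", line))
        names |= set(re.findall(r"(\w+)\)?\s*\+", line))
        findings.append((no, sorted(names), any(n in tainted for n in names)))
    return findings


def make_db():
    """Constructed in-memory table with one name that contains an apostrophe."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [(1, "alice"), (2, "O'Brien")])
    return conn


def query_concat(conn, name):
    """The pattern a reviewer flags: SQL text assembled from the input value."""
    return conn.execute("SELECT id FROM accounts WHERE name = '" + name + "'").fetchall()


def query_param(conn, name):
    """The hardened form: the input travels as a bound parameter, never as SQL text."""
    return conn.execute("SELECT id FROM accounts WHERE name = ?", (name,)).fetchall()


def concat_breaks_on_quote(conn, name):
    """True when the concatenated query no longer parses for this input."""
    try:
        query_concat(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    for no, names, tainted in find_dynamic_sql(SAMPLE_SOURCE):
        print(f"line {no}: dynamic SQL using {names}; user-sourced={tainted}")
    db = make_db()
    print("parameterised lookup of O'Brien:", query_param(db, "O'Brien"))
    print("concatenated lookup of O'Brien fails:", concat_breaks_on_quote(db, "O'Brien"))
```

Line 3 of the sample is reported as both dynamic and user-sourced, line 5 as dynamic but fed from a constant (still worth fixing, lower priority), and line 4 is not reported at all because the value is bound rather than concatenated. The runtime half shows the same distinction from the other side: the parameterised query returns `O'Brien`'s row, while the concatenated one raises a parse error on ordinary data, which is exactly the symptom that tells a reviewer the query text and the data are not separated.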
