Chapter 8
Code-level defenses
Solutions in this chapter:
• Domain Driven Security
• Using Parameterized Statements
• Validating Input
• Encoding Output
• Canonicalization
• Design Techniques to Avoid the Dangers of SQL Injection
Introduction
In Chapters 4–7, we focused on ways to compromise SQL injection. But how do we fix it? And how do we prevent SQL injection in our applications going forward? Whether you’re a developer with an application that is vulnerable to SQL injection, or whether you’re a security professional who needs to advise your client, there are a reasonably small number of things that you can do at the code level to reduce or eliminate the threat of SQL injection.
This chapter covers several large areas of ...
Get SQL Injection Attacks and Defense, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.