Solutions in this chapter:
• Domain Driven Security
• Using Parameterized Statements
• Validating Input
• Encoding Output
• Design Techniques to Avoid the Dangers of SQL Injection
In Chapters 4–7, we focused on ways to exploit SQL injection. But how do we fix it? And how do we prevent SQL injection in our applications going forward? Whether you’re a developer with an application that is vulnerable to SQL injection or a security professional who needs to advise your client, there is a reasonably small number of things that you can do at the code level to reduce or eliminate the threat of SQL injection.
This chapter covers several large areas of ...