Chapter 8

Code-level defenses

Erlend Oftedal

Solutions in this chapter:

• Domain Driven Security

• Using Parameterized Statements

• Validating Input

• Encoding Output

• Canonicalization

• Design Techniques to Avoid the Dangers of SQL Injection


In Chapters 4 through 7, we focused on ways to find and exploit SQL injection. But how do we fix it? And how do we prevent SQL injection in our applications going forward? Whether you’re a developer with an application that is vulnerable to SQL injection, or a security professional who needs to advise a client, there is a reasonably small number of things you can do at the code level to reduce or eliminate the threat of SQL injection.
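To make the code-level point concrete, here is an added example (not code from the book or its author) that puts a string-concatenated query next to two of the defenses listed above, a parameterized statement and allow-list input validation, and runs all three against a constructed in-memory SQLite table. The table contents, the username pattern and the test input are assumptions made for the demonstration.

```python
import re
import sqlite3

# Constructed sample data (not from the book): a three-row users table.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def lookup_concat(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable form: the input is spliced into the SQL text, so the database
    parses whatever the input contains as part of the statement."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Defense 1, parameterized statement: the SQL text is fixed and the value
    is bound separately, so the input is only ever compared as data."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Assumed allow-list for usernames: lowercase letter, then up to 31 word chars.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")

def lookup_validated(conn: sqlite3.Connection, username: str) -> list:
    """Defense 2 layered on defense 1: allow-list validation rejects anything
    that is not a well-formed username before it reaches the database."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username must match " + USERNAME_RE.pattern)
    return lookup_parameterized(conn, username)

def demo() -> dict:
    """Run the three lookups with a normal value and a constructed test input
    that closes the string literal and appends an always-true condition."""
    conn = build_db()
    test_input = "' OR '1'='1"
    results = {
        "concat_normal": lookup_concat(conn, "bob"),
        "concat_test_input": lookup_concat(conn, test_input),   # every row comes back
        "param_test_input": lookup_parameterized(conn, test_input),  # no such username
    }
    try:
        lookup_validated(conn, test_input)
        results["validated_test_input"] = "accepted"
    except ValueError:
        results["validated_test_input"] = "rejected"
    return results
```

Running `demo()` shows the concatenated query returning all three rows for the test input, the parameterized query returning none, and the validated lookup refusing the value before any SQL runs.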

This chapter covers several large areas of ...
