Copyright © 2007 O'Reilly Media, Inc.
March 26, 2007
This short cut introduces you to how SQL injection vulnerabilities work, what makes applications vulnerable, and how to protect them. It helps you find your vulnerabilities with analysis and testing tools and describes simple approaches for fixing them in the most popular web-programming languages.
This short cut also helps you protect your live applications by describing how to monitor for and block attacks before your data is stolen.
Hacking is an increasingly criminal enterprise, and web applications are an attractive path to identity theft. If the applications you build, manage, or guard are a path to sensitive data, you must protect your applications and their users from this growing threat.
Hacking is an increasingly criminal enterprise, and web applications are becoming an attractive path to identity theft. If the applications you build, manage, or guard provide access to sensitive data, this article aims to help you protect them. We'll start by explaining why you should care about these attacks, while providing some historical perspective. We'll go on to discuss how most web applications work, and describe how SQL queries are properly formed (and can be abused). With the basics under your belt, we'll move on to discussing the attacks themselves—what ...