SQL Injection Defenses by Martin Nystrom

SQL Injection Defenses

Martin Nystrom

March 26, 2007

Abstract

This short cut introduces you to how SQL injection vulnerabilities work, what makes applications vulnerable, and how to protect them. It helps you find your vulnerabilities with analysis and testing tools and describes simple approaches for fixing them in the most popular web-programming languages.

This short cut also helps you protect your live applications by describing how to monitor for and block attacks before your data is stolen.

Hacking is an increasingly criminal enterprise, and web applications are an attractive path to identity theft. If the applications you build, manage, or guard are a path to sensitive data, you must protect your applications and their users from this growing threat.

SQL Injection Defenses

Hacking is an increasingly criminal enterprise, and web applications are becoming an attractive path to identity theft. If the applications you build, manage, or guard provide access to sensitive data, this article aims to help you protect them. We'll start by explaining why you should care about these attacks, with some historical perspective. We'll go on to discuss how most web applications work, and describe how SQL queries are properly formed (and can be abused). With the basics under your belt, we'll move on to discussing the attacks themselves—what ...
