Open Information Systems Security Group - SQL Injection: "SQL Injection"
This article shed insight on the art of sql injection in data base driven applications. It follows structured approach and after going through it a reader will have a better understanding of sql injections.
This document discuss in detail common as well as some advance SQL Injection techniques as it applies to Microsoft Internet Information Server / Active Server Pages / Microsoft SQL Server. It discusses the various ways in which SQL can be injected & how one can protect him against the SQL injections. This document also contains brief description of the terms used in the context of databases & web Application.
What is SQL Injection?
It's a technique where an attacker creates or alters existing SQL commands (by using some special symbol) to gain access to unintended data or even the ability to execute system level commands in the server. SQL injections are the result of Poor Input Validation and can be blocked by proper input validation.
Application that do not correctly validate and/or sanitize the user input, can potentially be exploited in several ways:
· Changing SQL values
· Concatenating SQL Values
· Adding Function calls & stored Procedures to a statement
· Typecast and concatenate retrieved data
· Adding system functions & procedure to find out critical information about the server
Download
The more I read, the more I acquire, the more certain I am that I know nothing. -Voltaire
Subscribe to:
Post Comments (Atom)
Ramadan - What is it?
Ramadan is one of the most important and holy months in the Islamic calendar. It is a time of fasting, prayer, and spiritual reflection fo...
-
ZipStudio - A versatile Visual Studio add-in to zip up Visual Studio solutions and projects - The Code Project - C# Programming
-
TargetProcess - Agile Project Management & Bug Tracking Software | Download (Project Management Software, Project Tracking, Bug Tracking...
No comments:
Post a Comment