Introduction
The database is the heart of most web applications: it stores the data needed for the web sites and applications to "survive". It stores user credentials and sensitive financial information. It stores preferences, invoices, payments, inventory data, etc. It is through the combination of a database and web scripting language that we as developers can produce sites that keep clients happy, pay the bills, and most importantly run our businesses.
But what happens when you realize that your critical data may not be safe? What happens when you realize that a new security bug has just been found? Most likely you either patch it or upgrade your database server to a later, bug-free version. Security flaws are found and patched all the time in both databases and programming languages, but I bet 9 out of 10 of you have never heard of SQL injection attacks.
In this article I will attempt to shed some light on this under-documented attack, explaining what an SQL injection attack is and how you can go about preventing one from occurring within your company. By the end of this article you will be able to identify situations where an SQL injection attack may allow unauthorized persons to penetrate your system. You will also learn ways to fix existing code to prevent an SQL injection attack from occurring.
[Note] In this article I will focus specifically on Microsoft SQL Server 2000 and SQL injection attacks. However, other databases such as MySQL and Oracle are also vulnerable, so if you're running another database system you can still use the contents of this article to protect your database. [End Note]