Sql Injection

GovernmentSecurity.org > System Security > System Hardening

Jay

Oct 11 2003, 01:16 PM

QUOTE

The database is the heart of most Web applications: it stores the data needed for the Websites and applications to "survive". It stores user credentials and sensitive financial information. It stores preferences, invoices, payments, inventory data, etc. It is through the combination of a database and Web scripting language that we as developers can produce sites that keep clients happy, pay the bills, and -- most importantly -- run our businesses.

But what happens when you realize that your critical data may not be safe? What happens when you realize that a new security bug has just been found? Most likely you either patch it or upgrade your database server to a later, bug-free version. Security flaws and patches are found all the time in both databases and programming languages, but I bet 9 out of 10 of you have never heard of SQL injection attacks...

SQL Article

hermel

Oct 14 2003, 07:56 AM

Nice articel

THX for the link and the info

phase

Jan 12 2004, 04:25 PM

JAY

Thanks for that post. SQL Injections is a tactic that I have been unaware of until very recently. I have now been able to protect a lot of sites from this...

Thanks

d00m

Jan 13 2004, 10:04 AM

I'd also like to reccomend the sql wargame as a good site to practise sql injection and IMHO helpful for ppl new to the subject.

http://warsql.hackingzone.org/

lifofifo

Jan 22 2004, 03:22 PM

I made that wargame. I am really looking forward to suggestions for adding new levels.

-lifofifo

hracciatti

Aug 27 2004, 06:05 AM

http://www.hernanracciatti.com.ar/papers_and_download.html

Here my SQL Injection paper (In English/Spanish)

My 2 cent.

Hernán Marcelo Racciatti

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.