SQL Injection Attack – The Blog of Colin Angus Mackay

SQL Injection Attacks – DunDDD 2012


Examples

The examples were run against a copy of Microsoft's AdventureWorks sample database for SQL Server.

Required Tables

For the Second Order Demo (the case where attacker input is stored harmlessly and only becomes dangerous when it is read back and used in a later query) you need the following table added to the AdventureWorks database:

CREATE TABLE [dbo].[FavouriteSearch](
	[id] [int] IDENTITY(1,1) NOT NULL,
	[name] [nvarchar](128) NOT NULL,
	[searchTerm] [nvarchar](1024) NOT NULL
) ON [PRIMARY]

GO
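The table above only matters because of how the stored searchTerm is used later. The following is an added example, not code from the talk or the slides: it reproduces the second-order pattern in Python against an in-memory SQLite database rather than SQL Server, with a constructed Product table standing in for AdventureWorks' Production.Product, a constructed Login table holding the kind of data an attacker is after, and a constructed payload. The FavouriteSearch table mirrors the definition above. The INSERT that saves the favourite is parameterised, so nothing looks wrong at the point of entry; the flaw is the replay code that trusts the value because it "came from the database" and concatenates it into dynamic SQL.

```python
import sqlite3

# Constructed in-memory stand-in for the demo database. Product stands in for
# AdventureWorks' Production.Product, Login is a made-up table holding the kind
# of data an attacker wants, and FavouriteSearch mirrors the table defined above.
SCHEMA = """
CREATE TABLE Product (
    ProductID INTEGER PRIMARY KEY,
    Name      TEXT NOT NULL
);
CREATE TABLE Login (
    LoginID      INTEGER PRIMARY KEY,
    Username     TEXT NOT NULL,
    PasswordHash TEXT NOT NULL
);
CREATE TABLE FavouriteSearch (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    name       TEXT NOT NULL,
    searchTerm TEXT NOT NULL
);
INSERT INTO Product (Name) VALUES ('Mountain Bike'), ('Road Bike'), ('Touring Bike');
INSERT INTO Login (Username, PasswordHash)
    VALUES ('alice', 'hash-of-alice'), ('bob', 'hash-of-bob');
"""

# Constructed attacker input. It is harmless when stored, because the INSERT is
# parameterised; it only does damage when it is later spliced into dynamic SQL.
MALICIOUS_TERM = "Bike%' UNION SELECT Username || ':' || PasswordHash FROM Login --"


def open_demo_db():
    """Create the constructed schema in a fresh in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def save_favourite(conn, name, term):
    """First order: safe. The term is bound, so it cannot alter this INSERT."""
    conn.execute(
        "INSERT INTO FavouriteSearch (name, searchTerm) VALUES (?, ?)", (name, term)
    )
    conn.commit()


def load_favourite(conn, name):
    """Read back the stored search term for a named favourite."""
    row = conn.execute(
        "SELECT searchTerm FROM FavouriteSearch WHERE name = ?", (name,)
    ).fetchone()
    return row[0]


def run_favourite_vulnerable(conn, name):
    """Second order: the stored term is trusted because it 'came from the
    database' and is concatenated into a query. Deliberately vulnerable."""
    term = load_favourite(conn, name)
    sql = "SELECT Name FROM Product WHERE Name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def run_favourite_fixed(conn, name):
    """Same feature, but the stored term is passed as a bound LIKE pattern.
    % and _ inside the term still act as wildcards; that is a search quirk,
    not injection, because the query's structure can no longer change."""
    term = load_favourite(conn, name)
    pattern = "%" + term + "%"
    return [row[0] for row in conn.execute(
        "SELECT Name FROM Product WHERE Name LIKE ?", (pattern,)
    )]


def demo():
    """Store a benign and a malicious favourite, then replay both ways."""
    conn = open_demo_db()
    save_favourite(conn, "road", "Road")
    save_favourite(conn, "evil", MALICIOUS_TERM)
    return {
        "benign_vulnerable": run_favourite_vulnerable(conn, "road"),
        "benign_fixed": run_favourite_fixed(conn, "road"),
        "evil_vulnerable": run_favourite_vulnerable(conn, "evil"),
        "evil_fixed": run_favourite_fixed(conn, "evil"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

Running it shows the benign favourite behaving identically in both versions, while the stored payload turns the vulnerable replay into a UNION that returns every Login row alongside the products; the fixed replay treats the same stored value as a pattern and simply matches nothing. The same mistake maps directly onto T-SQL: building the statement with string concatenation inside a stored procedure and running it with EXEC is the vulnerable shape, while sp_executesql with a @pattern parameter is the bound one.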

Slide Deck

The slide deck is available for download in PDF format.

Further Reading

During the talk I mentioned a lesson from history on why firewalls are not enough.

I also showed XKCD's famous "Bobby Tables" cartoon, and linked to further information on using dynamic SQL in stored procedures.

More information about the badly displayed error messages can be found in two blog posts: What not to develop, and a follow-up some months later.

I wrote a fuller article on SQL Injection Attacks that you can read here. Although it is a few years old now, it is still relevant, since SQL Injection Attacks remain at the top of the OWASP list of vulnerabilities.


Filed under: SQL Injection Attack Talk Tagged: DDD, DDD Scotland, DunDDD, SQL Injection Attack
