Preventing Injection attacks - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Preventing Injection attacks

Message

From

26/08/2008 11:13:50

Naomi Nosonovsky
Wisconsin, United States

To

22/08/2008 14:50:56

Tc Holzer
Isle of Man

General information

Forum:

Microsoft SQL Server

Category:

Other

Title:

Re: Preventing Injection attacks

Environment versions

SQL Server:

SQL Server 2005

Miscellaneous

Thread ID:

01341172

Message ID:

01341831

Views:

10

>I think it would make sense to research it fully. Here's a few to get you started:
>
>http://www1.cs.columbia.edu/~angelos/Papers/sqlrand.pdf
>http://www.securiteam.com/securityreviews/5DP0N1P76E.html
>http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
>http://msdn.microsoft.com/en-us/library/bb355989.aspx
>http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx
>http://www.colinmackay.net/tabid/57/Default.aspx
>http://msdn.microsoft.com/en-us/library/aa224806.aspx
>
>There are some appliances and tools like WatchFire AppScan, Applicure's DotDefender, or eEye's REM Security Management Appliance. Most are cost prohibitive though.
>
>One thing you can do though is download the trialware of some checking tools so you use it as a test to check for vulnerabilities....
>
>http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners

One more link to the tools to complete the picture.

http://www.misfitgeek.com/Tools+To+Block+And+Eradicate+SQL+Injection.aspx

If it's not broken, fix it until it is.

My Blog

Click here to load this message in the networking platform