Re: Test for SQL Injection



I imagine that HP Scrawlr is a bit pricey.
If JavaScript is required to enable the Submit button on an HTML form, is there a way to circumvent this?
I do have two layers of server side protection from SQL Injection as well.
----- Original Message ----- From: "David Crandell" <david@xxxxxxxxxxxxxxxx>
To: "'Michael Condon'" <admin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>; <security-basics@xxxxxxxxxxxxxxxxx>
Sent: Monday, October 27, 2008 10:37 AM
Subject: RE: Test for SQL Injection


I have used HP's scrawlr.

To prevent attacks, validate input in your forms (server-side, not just with
javascript) and make sure any querystring parameters are filtered or
validated with server-side code before they are passed to the database.

Dave Crandell
Vice President, Information Systems
On Hold Media Group
972-758-1300
david@xxxxxxxxxxxxxxxx

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Michael Condon
Sent: Sunday, October 26, 2008 1:59 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Test for SQL Injection

What are some open source utilities I can use to test a web page for SQL
Injection vulnerability (MySQL), and what coding practices can be
implemented to prevent the exploit?
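Illustrating Dave's advice in code: the server validates every field itself and hands user input to the database only as query parameters, so it does not matter whether the browser's JavaScript enabled the Submit button or the request was built some other way. This is an added example, not code from anyone in the thread. It assumes a DB-API 2.0 (PEP 249) driver; to run offline it uses the standard library's sqlite3 as a stand-in for MySQL, whose drivers (mysql-connector, PyMySQL) take "%s" rather than "?" as the placeholder. The form schema `FORM_RULES` and the `users` table are hypothetical.

```python
"""Server-side validation plus parameterized queries (added example)."""
import re
import sqlite3

# Hypothetical form schema: field name -> (max length, allowed pattern).
# Client-side JavaScript is only a convenience for the user; the server
# enforces these rules on every request regardless of how it was produced.
FORM_RULES = {
    "username": (32, re.compile(r"^[A-Za-z0-9._'-]+$")),
    "zipcode": (10, re.compile(r"^\d{5}(-\d{4})?$")),
}


def validate_form(fields):
    """Return a dict of field -> error message; an empty dict means valid."""
    errors = {}
    for name, (max_len, pattern) in FORM_RULES.items():
        value = fields.get(name)
        if value is None or value == "":
            errors[name] = "required"
        elif len(value) > max_len:
            errors[name] = "too long"
        elif not pattern.match(value):
            errors[name] = "invalid characters"
    # A hand-built request can carry parameters the form never had; reject them.
    for name in fields:
        if name not in FORM_RULES:
            errors[name] = "unexpected field"
    return errors


def setup_demo_db():
    """Constructed in-memory table standing in for the MySQL users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, zipcode TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, zipcode) VALUES (?, ?)",
        [("alice", "75024"), ("o'brien", "75025")],
    )
    conn.commit()
    return conn


def find_user(conn, username):
    """Look up a user with a parameterized query.

    The SQL text is fixed; the username travels to the driver separately, so
    a quote inside it is matched literally and never alters the statement.
    (MySQL drivers: use "%s" in place of "?".)
    """
    cur = conn.execute(
        "SELECT id, username, zipcode FROM users WHERE username = ?", (username,)
    )
    return cur.fetchone()


def handle_submit(conn, fields):
    """Server-side handler: validate first, then query with parameters.

    Validation limits what reaches the database; the parameterized query is
    the layer that makes injection impossible even for values validation
    lets through (the username rule deliberately allows an apostrophe).
    """
    errors = validate_form(fields)
    if errors:
        return {"ok": False, "errors": errors}
    return {"ok": True, "user": find_user(conn, fields["username"])}


if __name__ == "__main__":
    db = setup_demo_db()
    print(handle_submit(db, {"username": "o'brien", "zipcode": "75025"}))
    print(handle_submit(db, {"username": "alice", "zipcode": "abc", "debug": "1"}))
```

The two defenses are independent: the validator rejects malformed or unexpected fields before any database work, and the parameterized query guarantees that whatever does get through (an apostrophe in "o'brien", for instance) is compared as data, not parsed as SQL.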






