Re: Test for SQL Injection
- From: "Michael Condon" <admin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 6 Nov 2008 11:22:52 -0600
I imagine that HP Scrawlr is a bit pricey.
If JavaScript is required to enable the Submit button on an HTML form, is there a way to circumvent this?
I do have two layers of server side protection from SQL Injection as well.
----- Original Message -----
From: "David Crandell" <david@xxxxxxxxxxxxxxxx>
To: "'Michael Condon'" <admin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>; <security-basics@xxxxxxxxxxxxxxxxx>
Sent: Monday, October 27, 2008 10:37 AM
Subject: RE: Test for SQL Injection
I have used HP's Scrawlr.
To prevent attacks, validate input in your forms (server-side, not just with
JavaScript) and make sure any querystring parameters are filtered or
validated with server-side code before they are passed to the database.
Dave Crandell
Vice President, Information Systems
On Hold Media Group
972-758-1300
david@xxxxxxxxxxxxxxxx
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Michael Condon
Sent: Sunday, October 26, 2008 1:59 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Test for SQL Injection
What are some open source utilities I can use to test a web page for SQL
Injection vulnerability (MySQL), and what coding practices can be
implemented to prevent the exploit?
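
An added example, not part of any message in this thread: the server-side check recommended above, shown beside the string-built query it replaces. The handler receives the raw query string whether or not the browser form's JavaScript ran. Assumptions: Python's sqlite3 stands in for MySQL so it runs offline, parameter binding is added on top of the validation the thread mentions, and the table, the "name" parameter, the allowlist pattern and the sample requests are all constructed.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Hypothetical allowlist policy for the "name" querystring parameter.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

# Constructed request whose value decodes to: x' OR '1'='1
CRAFTED = "name=x%27+OR+%271%27%3D%271"

def make_db():
    """Constructed sample data; sqlite3 stands in for MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db

def lookup_unsafe(db, query_string):
    """The 'before': the querystring value becomes part of the SQL text."""
    name = parse_qs(query_string).get("name", [""])[0]
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, query_string):
    """Validate on the server, then pass the value as a bound parameter."""
    values = parse_qs(query_string).get("name", [])
    # Reject missing, repeated, or non-allowlisted values before touching the DB.
    if len(values) != 1 or not USERNAME_RE.fullmatch(values[0]):
        raise ValueError("invalid 'name' parameter")
    # The driver sends the value separately from the statement text.
    return db.execute(
        "SELECT name, email FROM users WHERE name = ?", (values[0],)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("safe, normal request:   ", lookup_safe(db, "name=alice"))
    print("unsafe, crafted request:", lookup_unsafe(db, CRAFTED))
    try:
        lookup_safe(db, CRAFTED)
    except ValueError as exc:
        print("safe, crafted request:   rejected:", exc)
```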