White Papers: How to protect against SQL injection and other application attacks

SQL injection is just one exploit that can be used against Web applications -- there are many lurking out there. Fortunately, there are steps you can take now to prevent SQL injection and other attacks on your applications. These two white papers describe such exploits and give advice for guarding against them.

• SQL injection: Are your Web applications vulnerable?(PDF)
  SQL injection is a technique for exploiting Web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a Web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general.
• Security at the next level: Are your Web applications vulnerable?(PDF)
  Are your Web applications vulnerable? What techniques are hackers using to exploit Web-based applications, and how can you protect your site? This paper explains Web application security and includes a report on the top Web application vulnerabilities. It also discusses how your site might be open to threats such as SQL injection, parameter manipulation, common file query, cross-site scripting and cookie tampering.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Threat modeling Web application security and the PCI DSS The essentials of Web application threat modeling How to implement security in Java EE and Java ME Application security shouldn't involve duct tape, Band-Aids or bubble gum Stop SQL injection attacks on applications How to counter XSS attacks Breaking the same origin barrier of JavaScript Protection against "zero-minute" exploits Denial of service and Ajax CSRF attack vector with Ajax serialization Software security testing and techniques Free Web proxy security tools software testers should get to know How to get management on board with Web 2.0 security issues Web application security best practices: Tips on implementation Testing strategies for complex environments How to make your software tamperproof Ways to approach application performance testing on a tight budget How can I tell if my software security has been breached? Is online application testing for smartphones different from other software testing? Software testers facing six big challenges today, StarWest keynoter says Lesser-known free software testing tools testers should try

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary