SQL injection is just one exploit that can be used against Web applications -- there are many lurking out there. Fortunately, there are steps you can take now to prevent SQL injection and other attacks on your applications. These two white papers describe such exploits and give advice for guarding against them.
- SQL injection: Are your Web applications vulnerable? (PDF)
SQL injection is a technique for exploiting Web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a Web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general.
- Security at the next level: Are your Web applications vulnerable? (PDF)
Are your Web applications vulnerable? What techniques are hackers using to exploit Web-based applications, and how can you protect your site? This paper explains Web application security and includes a report on the top Web application vulnerabilities. It also discusses how your site might be open to threats such as SQL injection, parameter manipulation, common file query, cross-site scripting and cookie tampering.
This was first published in February 2006