
Check out this video with Veracode Security Researcher Fred Owsley discussing SQL Injection. SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command that is executed by a web application, exposing the back-end database. Fred explains how SQL Injection occurs and what you can do to protect your data from a SQL Injection attack. The video can be viewed below; enjoy! For your convenience we have also transcribed the video.

What is SQL Injection?

SQL Injection is a common injection technique that an attacker will use to inject code into a website and attack the database. It is frequently used by attackers to execute code that will either let an attacker into an application or let them execute queries against a database to collect information from that database.

SQL Injection works on SQL Server 2000 from Microsoft, MySQL and PostgreSQL. All of the servers speak the same SQL language, so it is possible to inject SQL through another web language.

How do I Protect Against SQL Injection?

The easiest way is to perform input validation against anything that the attacker or anyone using your website is sending to you. A lot of web application languages contain methods for performing this input validation, so you don't have to re-write the structures.

For more information on developing secure web applications, check out our recent infographic "Building Secure Web Application".

Comments (3)

Hmm | June 27, 2012 2:33 pm

Nice vid. Spectacular mutton chops.

Vince | June 27, 2012 4:40 pm

Did you mean parameterized queries? Input validation [and output encoding] helps defend against XSS.


CEng | July 3, 2012 1:13 pm

@Vince: Yes. Parameterized prepared statements are the first line of defense. That video was done off-the-cuff and I think some things may have been edited out. I'm going to get somebody to re-record it.
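As an added example that is not part of the original post, the video, or the comments above, the Python script below puts the three things discussed on this page side by side: the string-concatenated query that lets injected input change the command (how SQL Injection occurs, as in the transcript), the allow-list input validation the transcript recommends, and the parameterized prepared statement that Vince and CEng point to as the first line of defense. It uses Python's built-in sqlite3 module with a constructed in-memory users table; the table, the rows, the crafted input and the function names are all assumptions made for this illustration.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory users table with constructed sample rows.
    Passwords are stored in clear text only to keep the demo short; a real
    application would store a password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The pattern the video warns about: untrusted input is pasted into the
    SQL text, so the database cannot tell where data ends and command begins."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in conn.execute(sql))


# Allow-list for usernames: letters, digits and underscore, 1 to 32 characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def validate_username(username):
    """Input validation as recommended in the transcript: reject anything that
    is not a legitimate username before it reaches the database layer."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return username


def login_parameterized(conn, username, password):
    """Parameterized query (the fix named in the comments): the SQL text is
    fixed, and values are bound separately, so input is always treated as data
    no matter what characters it contains."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def demo():
    """Run the legitimate login and a constructed injected input through both
    query styles and return the results for inspection."""
    conn = make_db()
    # Constructed injected input: the quote closes the string literal, OR 1=1
    # makes the WHERE clause always true, and -- comments out the password check.
    injected = "' OR 1=1 --"
    results = {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct-horse"),
        "legit_parameterized": login_parameterized(conn, "alice", "correct-horse"),
        # Concatenation: every user is returned without knowing any password.
        "injected_vulnerable": login_vulnerable(conn, injected, "wrong"),
        # Binding: the same input is just an (unmatched) username string.
        "injected_parameterized": login_parameterized(conn, injected, "wrong"),
    }
    try:
        validate_username(injected)
        results["validation"] = "accepted"
    except ValueError:
        results["validation"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that validation and parameterization are complementary, not alternatives: the allow-list stops obviously malformed input early and gives a clean error, while the bound parameters guarantee that whatever does get through can never change the structure of the query.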
