SQL Injection Myths & Fallacies: Best practices of defense
Posted on Dec 6, 2010
(2 years ago).
Seen 1,331 times.
No comments.
Member since Sep 29, 2010
Location: San Francisco
Stream Posts: 288
Location: San Francisco
Stream Posts: 288
SQL injection is one of the most serious threats to web application security. In this presentation, organized by The SF MySQL Meetup Group on November 10, 2010, Bill Karwin, author of SQL Antipatterns, will break down some common myths related to SQL code injection, give you some examples of common code injection attacks, and show how you can secure your web apps against those attacks.
Twelve common myths debunked by Bill in this video include:
Enjoy, and don't forget to head over to TechTV to see more great educational videos on open source development.
Twelve common myths debunked by Bill in this video include:
- I don't have to worry anymore (SQL injection is an "old" problem)
- Escaping is the fix
- More escaping is better
- I can code an escaping function
- Only user input is unsafe
- Stored procs are the fix
- SQL privileges are the fix
- My app doesn’t need to be secure
- Frameworks are the fix
- Parameters quote for you
- Parameters are the fix
- Parameters make queries slow
Enjoy, and don't forget to head over to TechTV to see more great educational videos on open source development.
Comments
Be the first one to post a comment!
