Skip to main content

Advanced SQL Injection in SQL Server Applications

article
By
Chris Anley
|
Summary

This document discusses in detail the common "SQL injection" technique, as it applies to the popular Microsoft Internet Information Server/Active Server Pages/SQL Server platform. It discusses the various ways in which SQL can be "injected" into the application and addresses some of the data validation and database lockdown issues that are related to this class of attack. 

This document discusses in detail the common "SQL injection" technique, as it applies to the popular Microsoft Internet Information Server/Active Server Pages/SQL Server platform. It discusses the various ways in which SQL can be "injected" into the application and addresses some of the data validation and database lockdown issues that are related to this class of attack.

The paper is intended to be read by both developers of Web applications which communicate with databases and by security professionals whose role includes auditing these Web applications.

Click PDF below to read the article.

Download Article:
3988413.pdf
Topics:
htmlsecuritytest techniques
About The Author
Profile picture for user ChrisAnley
Chris Anley

Chris Anley is a director at NGSSoftware, the world's leading security vulnerability research company. When he's not spending time auditing software or websites for security bugs, he writes whitepapers that help folks do it for themselves. You can read more about NGSSoftware here.

Community Sponsor

Lets Hang!

Featured Resources

Testing
Mobile Software Testing eGuide
White Paper | StickyMinds
Testing
The Care and Feeding of Your Software Testing Career
White Paper | StickyMinds
Testing
Test Automation eGuide
White Paper | StickyMinds
Testing
Internet of Things eGuide
White Paper | StickyMinds

User Comments

0 comments

Not specified