Testing Web Applications for SQL Injection

article

By

|

November 5, 2002

Summary

This paper discusses the SQL injection vulnerability, its impact on Web applications, methods for predeployment and post-deployment testing of the application, and solution implementation suggestions. SQL injection is one of many parameter manipulation attacks that can be executed against Web applications. The SQL injection vulnerability is easily identified and prevented in most systems, but often is not.

Download Article:

XDD6007filelistfilename1_0.pdf

Topics:

architecture development lifecycles software engineering test methodologies methods

About The Author

Sam Shober

Sam Shober has seven years of quality assurance testing and management experience. He is the quality assurance manager for SPI Dynamics where he oversees the testing efforts for WebInspect, a tool that remotely assesses the security of Web applications.