SQL Injection Checks


| Check | Description |
|-------|-------------|
|       | Input passed to data access methods that originates outside the current trust boundary is constrained. |
|       | Sanitization of input is only used as a defense-in-depth measure. |
|       | Stored procedures that accept parameters are used by data access code. If stored procedures are not used, type-safe SQL parameters are used to construct SQL commands. |
|       | Least-privileged accounts are used to connect to the database. |
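
The constrain-input and parameter checks above, shown side by side with the concatenation pattern they rule out. This is an added example, not code from the book; the `users` table, the function names and the user-name rule are assumptions, and Python's `sqlite3` placeholders stand in for typed SQL parameters.

```python
import re
import sqlite3

# Constructed sample data: an in-memory database standing in for the real store.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db

# Constrain input: allow-list what the field may legitimately contain.
# Hypothetical rule: 1-32 letters, digits or underscores.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def constrain_name(value):
    if not isinstance(value, str) or not NAME_RE.fullmatch(value):
        raise ValueError("user name fails validation")
    return value

# The pattern the checklist rules out: input concatenated into the SQL text.
def find_user_concatenated(db, name):
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

# SQL parameters: the value travels as bound data, never as SQL text.
def find_user_parameterized(db, name):
    sql = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

# Both checks together: validate first, then bind.
def find_user(db, name):
    return find_user_parameterized(db, constrain_name(name))

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed test input
    print(find_user_concatenated(db, hostile))   # predicate rewritten by the input
    print(find_user_parameterized(db, hostile))  # input compared as a literal name
    print(find_user(db, "bob"))
    try:
        find_user(db, hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The parameterized query stays safe even when validation is skipped, which is why the checklist treats sanitization as defense in depth rather than the primary control.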




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
