Summary

One of the most devastating attacks against a web application is a successful SQL injection exploit. These attacks go straight to the source of the data that the application manipulates. If the database can be compromised, an attacker may not need brute-force attacks, social engineering, or other techniques to gain unauthorized access and information. It is important to understand how these vulnerabilities can be identified; otherwise, countermeasures that work against one type of attack may not work against another. In the end, the best defense is to build queries with bound parameters (parameterized statements) in the application and rely on stored procedures in the database where possible.
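The following is an added example, not code from the book. It shows a quote-doubling countermeasure that holds in a string context but fails in a numeric one, next to bound parameters that hold in both. The table, rows, and function names are constructed for illustration, and SQLite stands in for the application's database.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "o'brien")])
    return db

def escape_quotes(value):
    """Partial countermeasure: double every single quote."""
    return value.replace("'", "''")

def by_owner_escaped(db, owner):
    # String context: quote doubling keeps the input inside the literal.
    sql = "SELECT id FROM accounts WHERE owner = '" + escape_quotes(owner) + "'"
    return sorted(r[0] for r in db.execute(sql))

def by_id_escaped(db, account_id):
    # Numeric context: there is no quote to escape, so the same
    # countermeasure changes nothing and the input is parsed as SQL.
    sql = "SELECT id FROM accounts WHERE id = " + escape_quotes(account_id)
    return sorted(r[0] for r in db.execute(sql))

def by_owner_bound(db, owner):
    # Bound parameter: the value is sent separately from the SQL text.
    cur = db.execute("SELECT id FROM accounts WHERE owner = ?", (owner,))
    return sorted(r[0] for r in cur)

def by_id_bound(db, account_id):
    # Same statement shape works for numeric lookups; input stays data.
    cur = db.execute("SELECT id FROM accounts WHERE id = ?", (account_id,))
    return sorted(r[0] for r in cur)

if __name__ == "__main__":
    db = make_db()
    print("escaped, string ctx :", by_owner_escaped(db, "x' OR '1'='1"))
    print("escaped, numeric ctx:", by_id_escaped(db, "1 OR 1=1"))
    print("bound, string ctx   :", by_owner_bound(db, "x' OR '1'='1"))
    print("bound, numeric ctx  :", by_id_bound(db, "1 OR 1=1"))
```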



HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
EAN: 2147483647
Year: 2006
Pages: 127
