Other Resources

Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 12, Database Input Issues

Sarbanes-Oxley Act of 2002: www.aicpa.org/ info /sarbanes_oxley_summary.htm

The Open Web Application Security Project (OWASP): www.owasp.org

Advanced SQL Injection In SQL Server Applications by Chris Anley: www.nextgenss.com/papers/advanced_sql_injection.pdf

Web Applications and SQL Injection: www.spidynamics.com/whitepapers/ WhitepaperSQLInjection.pdf

Detecting SQL Injection in Oracle by Pete Finnigan: www.securityfocus.com/infocus/1714

How A Criminal Might Infiltrate Your Network by Jesper Johansson: www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/default.aspx

SQL Injection Attacks by Example by Stephen J. Friedl: www.unixwiz.net/techtips/ sql-injection .html

Oracle 10g SQL Regular Expressions: http://searchoracle.techtarget.com/searchOracle/downloads/10g_sql_regular_expressions.doc

Regular Expressions in T-SQL by Cory Koski: http://sqlteam.com/item.asp?ItemID=13947

xp_regex: Regular Expressions in SQL Server 2000 by Dan Farino: www.codeproject.com/managedcpp/xpregex.asp

SQLRegEx: www.krell-software.com/sqlregex/regex.asp

DB2 Bringing the Power of Regular Expression Matching to SQL www-06.ibm.com/developerworks/db2/library/techarticle/0301stolze/0301stolze.html

MySQL Regular Expressions: http://dev.mysql.com/doc/mysql/en/Regexp.html

Hacme Bank: www.foundstone.com/resources/proddesc/hacmebank.htm