To build secure data access code, know what the threats are, how common vulnerabilities arise in data access code, and how to use appropriate countermeasures to mitigate risk.
The top threats to data access code are:
Disclosure of configuration data
Disclosure of sensitive application data
Disclosure of database schema and connection details
Figure 14-1 illustrates these top threats.
Figure 14-1. Threats and attacks to data access code
SQL injection attacks exploit vulnerable data access code and allow an attacker to execute arbitrary commands in the database. ...