• Reviewing Source Code for SQL Injection
• Automated Source Code Review
Often, the quickest way to find potential areas for SQL injection in an application is to review an application’s source code. Also, if you are a developer who is not allowed to use SQL injection testing tools as part of your development process (not an uncommon situation in banks, and usually something for which you can be fired) it may be your only option.
Some forms of dynamic string building and execution are also clear from a quick review of code. What is often not clear is whether the data used in these queries are sourced from the user’s browser, or whether they have ...