Chapter 8 Code-level defenses

Erlend Oftedal

Solutions in this chapter:

• Domain Driven Security

• Using Parameterized Statements

• Validating Input

• Encoding Output

• Canonicalization

• Design Techniques to Avoid the Dangers of SQL Injection

Introduction

In Chapters 4–7, we focused on ways to compromise SQL injection. But how do we fix it? And how do we prevent SQL injection in our applications going forward? Whether you’re a developer with an application that is vulnerable to SQL injection, or whether you’re a security professional who needs to advise your client, there are a reasonably small number of things that you can do at the code level to reduce or eliminate the threat of SQL injection.

This chapter covers several large areas of ...

Get SQL Injection Attacks and Defense, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SQL Injection Attacks and Defense, 2nd Edition by Justin Clarke-Salt

Chapter 8

Code-level defenses

Solutions in this chapter:

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly