SQL Injection Attacks and Defense, 2nd Edition by Justin Clarke-Salt

Chapter 8

Code-level defenses

Erlend Oftedal

Solutions in this chapter:

• Domain Driven Security

• Using Parameterized Statements

• Validating Input

• Encoding Output

• Canonicalization

• Design Techniques to Avoid the Dangers of SQL Injection

Introduction

In Chapters 4–7, we focused on ways to exploit SQL injection. But how do we fix it? And how do we prevent SQL injection in our applications going forward? Whether you’re a developer with an application that is vulnerable to SQL injection, or a security professional who needs to advise your client, there are a reasonably small number of things that you can do at the code level to reduce or eliminate the threat of SQL injection.

This chapter covers several large areas of ...
