SQL Injection Myths & Fallacies: Best practices of defense

SQL injection is one of the most serious threats to web application security. In this presentation, Bill Karwin, author of SQL Antipatterns, will break down some common myths and give you a better understanding of how you can arm your web apps against SQL injection.

Check out the slides from this presentation at: http://www.marakana.com/f/210

Twelve fallacies debunked by Bill include:

- I don't have to worry anymore (SQL injection is an "old" problem)
- Escaping is the fix
- More escaping is better
- I can code an escaping function
- Only user input is unsafe
- Stored procs are the fix
- SQL privileges are the fix
- My app doesn't need to be secure
- Frameworks are the fix
- Parameters quote for you
- Parameters are the fix
- Parameters make queries slow

Head over to Marakana TechTV (http://marakana.com/techtv) to see more educational videos on open source.
Length: 44:55
