[Owasp-brazilian] Tutorial on Defending Against SQL Injection Attacks

Rodrigo Montoro (Sp0oKeR) spooker at gmail.com
Tue Feb 19 08:07:22 EST 2008


Achei interessante esse paper =)

Welcome to the Tutorial
on Defending Against SQL Injection Attacks!

Without proper safeguards, applications are vulnerable to various
forms of security attack. One particularly pervasive method of attack
is called SQL injection. Using this method, a hacker can pass string
input to an application in hopes of gaining unauthorized access to a
database.

By taking this self-study tutorial, you can arm yourself with
techniques and tools to strengthen your code and applications against
these attacks. This tutorial employs text and diagrams to present
concepts, design issues, coding standards, processes, and tools.
Flash-based demos and simulations allow you to visualize what you have
learned, and assessment quizzes help you gauge your learning progress.
Learning Objectives

After taking this tutorial, you should be able to:
	Categorize and explain various types of SQL injection attacks
	Describe coding and design strategies for avoiding SQL injection attacks
	Use DBMS_ASSERT to validate input values
	Use code review tools to help identify possible SQL injection vulnerabilities
	Apply coding standards to eliminate SQL injection vulnerabilities


Tutorial: http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm



[]z! Rodrigo Montoro (Sp0oKeR)

-- 
 ===============================
  Rodrigo Montoro (Sp0oKeR)
      Security Researcher
SnortCP / RHCE / LPIC-I / MCSO
 http://www.spookerlabs.com.br
===============================


More information about the Owasp-brazilian mailing list