Published on December 6th, 2010

SQL Injection Myths & Fallacies: Best practices of defense


SQL injection is one of the most serious threats to web application security. In this presentation, Bill Karwin, author of SQL Antipatterns, will break down some common myths and give you a better understanding of how you can arm your web apps against SQL injection.

** Check out the slides from this presentation at: http://www.marakana.com/f/210 **

Twelve fallacies debunked by Bill include:
- I don't have to worry anymore (SQL injection is an "old" problem)
- Escaping is the fix
- More escaping is better
- I can code an escaping function
- Only user input is unsafe
- Stored procs are the fix
- SQL privileges are the fix
- My app doesn't need to be secure
- Frameworks are the fix
- Parameters quote for you
- Parameters are the fix
- Parameters make queries slow
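An added example (not code from the talk or the slides) that illustrates three of the fallacies above with Python's built-in sqlite3 module and a constructed in-memory table: splicing a value into SQL text breaks on a legitimate name and changes the query's meaning on a crafted one, a `?` inside quotes is not a parameter ("parameters quote for you"), and parameters bind values only, so a dynamic column name still needs an allow-list ("parameters are the fix"). Table and row contents are assumptions for the demo.

```python
import sqlite3

# Constructed in-memory sample data for the demo (not from the talk).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE accounts (id INTEGER, name TEXT, balance INTEGER)")
conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                 [(1, "alice", 100), (2, "O'Brien", 250), (3, "carol", 75)])
conn.commit()

def lookup_spliced(name):
    """Antipattern: the value is spliced into the SQL text, so the text
    (and therefore the query's meaning) changes with the input."""
    sql = "SELECT id, name FROM accounts WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def lookup_quoted_placeholder(name):
    """Fallacy 'parameters quote for you': a ? inside quotes is a
    one-character string literal, not a parameter marker, so the
    driver sees zero parameters and rejects the supplied binding."""
    sql = "SELECT id, name FROM accounts WHERE name = '?'"
    return conn.execute(sql, (name,)).fetchall()

def lookup_parameterized(name):
    """Values travel as bound parameters; the SQL text is constant."""
    sql = "SELECT id, name FROM accounts WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Fallacy 'parameters are the fix': identifiers (columns, tables) and
# keywords cannot be bound, so dynamic ones need an allow-list instead.
ALLOWED_SORT_COLUMNS = {"id", "name", "balance"}

def names_sorted_by(column):
    """Only a known column name is ever interpolated into the query."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % column)
    sql = "SELECT name FROM accounts ORDER BY %s" % column
    return [row[0] for row in conn.execute(sql)]

def outcome(fn, arg):
    """Run fn(arg) and return either its rows or the exception type name."""
    try:
        return fn(arg)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    for fn in (lookup_spliced, lookup_parameterized):
        for probe in ("O'Brien", "' OR '1'='1"):
            print(fn.__name__, repr(probe), outcome(fn, probe))
```

Running it shows the spliced version failing on the apostrophe in a real name and returning every row for the tautology, while the parameterized version matches exactly one name and nothing for the tautology.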

Head over to Marakana TechTV (http://marakana.com/techtv) to see more educational videos on open source.