SQL Injection Myths & Fallacies: Best practices of defense

Posted on Dec 6, 2010 by Max Walker, Producer, NewCircle, Inc. (San Francisco).

Tagged as: SQL, Video, Web Dev
SQL injection is one of the most serious threats to web application security. In this presentation, organized by The SF MySQL Meetup Group on November 10, 2010, Bill Karwin, author of SQL Antipatterns, will break down some common myths related to SQL code injection, give you some examples of common code injection attacks, and show how you can secure your web apps against those attacks.

Twelve common myths debunked by Bill in this video include:
  • I don't have to worry anymore (SQL injection is an "old" problem)
  • Escaping is the fix
  • More escaping is better
  • I can code an escaping function
  • Only user input is unsafe
  • Stored procs are the fix
  • SQL privileges are the fix
  • My app doesn't need to be secure
  • Frameworks are the fix
  • Parameters quote for you
  • Parameters are the fix
  • Parameters make queries slow
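As an added illustration of three of those myths (this is example code written for this page, not material from the talk or the original post), the following Python sample runs against an in-memory SQLite table constructed here: naive escaping does nothing in an unquoted numeric context, a bound parameter is never parsed as SQL, and a parameter cannot stand in for an identifier such as a sort column, which needs an allowlist instead. The table, column names and helper names are all assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory table; rows are inserted in non-alphabetical order on purpose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);"
        "INSERT INTO users VALUES (1, 'carol', 'user'), (2, 'alice', 'admin'), (3, 'bob', 'user');"
    )
    return conn


def escape(value):
    """Naive quote doubling, the kind of home-grown escaping the 'I can code an escaping function' myth relies on."""
    return value.replace("'", "''")


def lookup_escaped(conn, user_id):
    """'Escaping is the fix': the value is escaped but sits in an unquoted numeric
    context, so there is no quote for the escaping to protect."""
    rows = conn.execute("SELECT name FROM users WHERE id = " + escape(user_id))
    return [r[0] for r in rows]


def lookup_param(conn, user_id):
    """A bound parameter reaches the engine as a value and is never parsed as SQL text."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [r[0] for r in rows]


def names_sorted_param(conn, column):
    """'Parameters quote for you': binding an identifier produces a string constant,
    so ORDER BY sorts on a constant and the requested column is effectively ignored."""
    rows = conn.execute("SELECT name FROM users ORDER BY ?", (column,))
    return [r[0] for r in rows]


ALLOWED_SORT_COLUMNS = {"id", "name", "role"}


def names_sorted(conn, column):
    """Identifiers cannot be parameterised; validate them against an allowlist
    before they are interpolated into the SQL text."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("sort column not allowed: %r" % column)
    rows = conn.execute("SELECT name FROM users ORDER BY " + column)
    return [r[0] for r in rows]
```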

Enjoy, and don't forget to head over to TechTV to see more great educational videos on open source development.
