Hi all
What is SQL fault injection
How to perform the sqlinjection
Is there any specific method for the same
Is there any tools available for the same.
How can we protect web application from SQL injection.
What is SQL fault injection?
Hot Topic
- Where to save scenarios
- Installing Visual Studio Team System
- Check-In Policy, Code Analysis exclusions, copying to other TFS Projects
- Problem capturing events from TFS.
- Integrating with TFS: Use of ExecuteDefaultAction
- Unit testing and exceptions
- Webtest with activex controls will not allow the control to be run when the test is re-run
- Fixing DoNotCastUnnecessarily in VB.NET?
- TF30177: Team Project Creation Failed
- Validation x Extration Rules
VS Team System
- Problems with Branching
- Error when merging in TS
- load testing query for 1.0 application
- Publish Operation Failed for Custom Test Type
- Hello?
- Designing editing masks with InfoPath
- Howto: exclude .Net Framework 2.0 from VS 2005 Team Foundation Server Beta 2
- witimport TF26177 with custom field (RTM)
- Can't Run Unit Tests for Data Access Layer w/ SQL Server?
- What is the best way to migrate the Pinning and Sharing project of VB6 to TFS
What is SQL fault injection?
sniwas24x7
SQL fault injection can occur if you take text directly from a text box or other form of user input and use it in a query. Then an attacker can type SQL into the text box and randomly have SQL executed on the server. Some apps then display the results of the SQL in the response.
Here's a good article on it: http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/
Tools: FXCop has a set of security rules that will find places in your code that can have potential SQL injection attacks.
How to protect: good coding practices (scrubbing input, for example), good security model in your app, FXCop, and educate your testers so they know what tests to try.