SQL injection is one of those attacks that most developers have heard of but may not be familiar with.
I stumbled upon some really good guidance on doing your own homework to learn about SQL injection. "Best Damn Quick Tips for a Total SQL Injection Newbie (Period)" quickly describes three steps (reading, setting up a vulnerable web environment and mimicking attackers) to go from little to lots of knowledge. Yes, really do this on your own vulnerable test applications — never start trying things out on applications or systems you are not authorised to examine.
Then, for the last step, which is to research defensive measures, the best resource is the OWASP SQL Injection Prevention Cheat Sheet. Happy reading!
Posted on: 11 October 2011 at 06:59 hrs