SQL Injection: Modes of attack, defence, and why it matters
SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn, and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack. Not only is it a threat easily instigated, it is also a threat that, with a little common sense and forethought, can be almost totally prevented. This paper will look at a selection of the methods available to a SQL injection attacker and how they are best defended against.