From the course: SQL Server: Security for Developers

External protection around SQL injection

- [Instructor] So there are some external mechanisms around SQL injection. There are some tools like database firewalls. But in general, the best solutions revolve around good architecture and good coding practices. We're gonna take a look at a couple of different things here. The most important thing that you need to do is make sure that all queries to the database are sanitized before being executed against the database. You really want to use strong parametrization around your queries so that you're not just arbitrarily executing any code. There's no way to directly map so you just need to use strong typing. And ideally, don't let your URL construct your query to the database. Do a little bit stronger validation in your code. If you're using something like NHibernate or Entity Framework, these will typically do that operation for you by default. And most of the vulnerability around SQL injection does go back to legacy databases that are running things like PHP that will just…
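The parameterization and strong-typing advice in the transcript above, as an added example that is not code from the course. It assumes Python's `sqlite3` as an offline stand-in for SQL Server; the table, function names and URL are constructed for the illustration.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs

def make_db():
    # Constructed sample data; sqlite3 stands in for SQL Server so this runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, last_name TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [(1, "Smith"), (2, "O'Brien"), (3, "Nguyen")])
    return db

def find_by_name_concat(db, last_name):
    # Weak form: the value is pasted into the SQL text, so a quote character
    # in the data changes how the statement is parsed.
    sql = "SELECT id FROM customers WHERE last_name = '" + last_name + "'"
    return [row[0] for row in db.execute(sql)]

def find_by_name_param(db, last_name):
    # Parameterized form: the SQL text is fixed and the value is bound
    # separately, so it is only ever treated as data.
    return [row[0] for row in db.execute(
        "SELECT id FROM customers WHERE last_name = ?", (last_name,))]

def customer_id_from_url(url):
    # Strong typing: the URL never contributes SQL text, only a value that
    # must parse as a non-negative integer before it reaches the query.
    values = parse_qs(urlparse(url).query).get("id", [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        raise ValueError("id must be a single non-negative integer")
    return int(values[0])

def find_by_url(db, url):
    cid = customer_id_from_url(url)
    row = db.execute("SELECT last_name FROM customers WHERE id = ?",
                     (cid,)).fetchone()
    return row[0] if row else None

def concat_breaks_on_quote(db):
    # A legitimate surname containing a quote is enough to corrupt the
    # concatenated statement; the parameterized form handles it as data.
    try:
        find_by_name_concat(db, "O'Brien")
    except sqlite3.OperationalError:
        return True
    return False
```

With SQL Server the same separation is what a parameterized command or an ORM query provides: the statement text is fixed and values travel as typed parameters.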
