From the course: SQL Server: Security for Developers
Overview of SQL injection - SQL Server Tutorial
Overview of SQL injection
- [Instructor] If you're developing databases or you're new to developing databases especially, but even if you're experienced, and when I say databases I don't just mean SQL Server, I mean pretty much any relational database that you can work on, whether it's Oracle, MySQL, or Postgres, or any other ones, or Sybase. One of the biggest security risks you can have, because it's really hard to detect and it's blind to you, is SQL injection. What SQL injection is here, and it's an attack that comes from passing in a potentially malicious SQL command in a form field on an application front end, and this happens especially if you're using dynamic SQL in your code and you're not strongly typing your parameters, a user could pass in a command maybe to return a list of user names that the hacker could then start to attack with, could get metadata about the database, or even just retrieve raw data from the database. There are a whole bunch of vulnerabilities with SQL injection and the…
Contents
- Overview of SQL injection (2m 44s)
- SQL injection vulnerabilities (3m 44s)
- Writing proper SQL procedures (3m 22s)
- Demo: Stored procedures vs. dynamic SQL (2m 2s)
- Dynamic SQL and input checking (1m 52s)
- Demo: Dynamic SQL parameterization (3m 25s)
- External protection around SQL injection (3m 30s)