From the course: Programming Foundations: Secure Coding

Database issues

- We talked about a couple of the potential issues with databases from other perspectives, but databases and other backing services are used in multiple ways in targeted attacks. Let's start our discussion once again with SQL injection attacks. I mentioned these attacks when we discussed user input validation, and indeed that is a good mitigation for these attacks. Another good mitigation lies in the frameworks and strategies that we use to connect to databases. SQL statements should include bind variables and parameters. Now, you can write full statements or use bind variables. Creating full statements is susceptible to injection attacks because those statements are often concatenated with user input strings, like in our previous example. But when you use bind variables and parameters, you remove that risk because of how the drivers will create the statement for you and escape the dangerous behavior. Using a bind variable…
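The following Python script is an added example and is not part of the course transcript. It uses the standard-library sqlite3 module and a constructed in-memory users table (the table name, columns and sample rows are assumptions for illustration) to show the concatenated statement the speaker warns about beside its parameterized form, and runs the same injection payload against both so the difference in behavior is observable.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory sample database (assumed schema, not from the course)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, is_admin INTEGER NOT NULL)"
    )
    # Sample rows are constructed for this example.
    conn.executemany(
        "INSERT INTO users (username, is_admin) VALUES (?, ?)",
        [("alice", 1), ("bob", 0), ("carol", 0)],
    )
    conn.commit()
    return conn


def find_user_concat(conn, username):
    """VULNERABLE: the statement is built by string concatenation.

    A value such as  x' OR '1'='1  closes the quoted literal early and changes the
    WHERE clause, so the query returns every row instead of one.
    """
    sql = (
        "SELECT username FROM users WHERE username = '"
        + username
        + "' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def find_user_bound(conn, username):
    """SAFE: the statement text is fixed and the value travels as a bind parameter.

    The driver sends the placeholder and the value separately, so the quote and
    OR in the payload are just characters inside a string compared against the
    username column; they never reach the SQL parser as syntax.
    """
    sql = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]


INJECTION_PAYLOAD = "x' OR '1'='1"


def demo():
    """Run the same honest input and the same payload through both versions."""
    conn = make_db()
    results = {
        "concat_honest": find_user_concat(conn, "alice"),
        "concat_payload": find_user_concat(conn, INJECTION_PAYLOAD),
        "bound_honest": find_user_bound(conn, "alice"),
        "bound_payload": find_user_bound(conn, INJECTION_PAYLOAD),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:15s} -> {rows}")
```

With an honest username both functions return the single matching row. With the payload, the concatenated version returns all three users because the WHERE clause has become `username = 'x' OR '1'='1'`, while the bound version returns nothing, since no account is literally named `x' OR '1'='1`. The point is not that the driver "cleans" the input; it is that with bind parameters the statement structure is decided before any user data is attached.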
