Explore potential database issues, the risks associated with them, and learn how to avoid them.
- We talked about a couple of the potential issues with databases from other perspectives, but databases and other backing services are used in multiple ways in targeted attacks. Let's start our discussion once again with SQL injection attacks. I mentioned these attacks when we discussed user input validation, and indeed that is a good mitigation for these attacks. Another good mitigation is the frameworks and strategies that we use to connect to databases.

SQL statements should include bind variables and parameters. Now, you can write full statements or use bind variables. Creating full statements is susceptible to injection attacks because those statements are often concatenated with user input strings, like in our previous example. But when you use bind variables and parameters, you remove that risk because of how the drivers will create the statement for you and escape the dangerous behavior.

Using a bind variable allows you to place a variable in the statement where you expect the user input to be added.
Author: Frank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level: Beginner
- What you need to know (1m 35s)
- 1. Security and Risk Overview
- 2. Web Client Server Interaction Code Issues
- 3. Thick App and Client-Server Interaction Issues
- 4. Crypto and Security Misuse Issues
- 5. Security in the SDLC
- Next steps (2m 10s)