SQL Injection Attacks – DunDDD 2012

Examples: The examples were run against a copy of the Adventure Works database. Basic Demo (ASP.NET MVC / C# / Visual Studio 2010). Second Order Demo (WinForms / C# / Visual Studio 2010). Required Tables: For the Second Order Demo you need the following table added to the Adventure Works database: CREATE TABLE [dbo].[FavouriteSearch]( [id] […]

SQL Server User Group: SQL Injection Attacks

Examples: The examples were run against a copy of the Adventure Works database. Basic Demo (ASP.NET MVC / C# / Visual Studio 2010). Second Order Demo (WinForms / C# / Visual Studio 2010). Required Tables: For the Second Order Demo you need the following table added to the Adventure Works database: CREATE TABLE [dbo].[FavouriteSearch]( [id] […]

SQL Injection Attacks and Tips on How to Prevent Them

I’m giving a talk in Dundee on the topic of SQL Injection Attacks. If you are interested in the subject then the registration link is at the bottom of the page. Wednesday, 28th October 2009 at 19:00 – 21:00, Queen Margaret Building, Dundee University. The Talk: In light of some recent events, such as the […]

If you really must do dynamic SQL…

I may have mentioned in previous posts and articles about SQL Injection Attacks that dynamic SQL (building SQL commands by concatenating strings together) is a source of failure in the security of a data driven application. It becomes easy to inject malicious text in there to cause the system to return incorrect responses. Generally the […]

SQL Injection Attacks

Every day I see messages on various forums asking for help with SQL. Nothing wrong with that. People want to understand how something works, or have a partial understanding but something is keeping them from completing their task. However, I frequently also see messages that have SQL statements being built in C# or VB.NET that are extremely […]