
SQL Injection


    #11
    Originally posted by DimPrawn
    WHS and ideally stored procedures.
    Seen plenty of SQL injection through SPs (I'm a pen tester and software security head, btw): either the devs build the SP call dynamically or, in some cases, I've seen dynamic SQL constructed within the SP!

    The best approach is (as stated already) parameterised queries, and also, _in all cases_, input should be validated against the expected data type (at least) and usually one or more of length, format and range.

    cheers

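The three points in the post above (string-built SQL is injectable wherever it is assembled, bound parameters neutralise the payload, and input should still be validated for type, length, format and range) as an added example in Python against an in-memory SQLite database. This is not code from the thread or from DimPrawn; the `users` table, the rows, the function names and the username rules are constructed for the demonstration. SQLite has no stored procedures, so the "dynamic SQL inside the SP" case is modelled by a function that concatenates the statement, which is the same defect as a procedure that builds a string and hands it to EXEC / sp_executesql / EXECUTE IMMEDIATE.

```python
import re
import sqlite3


# Constructed sample schema and rows for the demonstration only.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL);
        INSERT INTO users (username, role) VALUES ('alice', 'user'), ('bob', 'admin');
        """
    )
    return con


def find_user_vulnerable(con, username):
    """Builds the statement by concatenation (deliberately vulnerable).

    Whether this sits in application code or inside a stored procedure that
    assembles a string and executes it dynamically, the untrusted value becomes
    part of the SQL text, so a quote in it changes the query's structure.
    """
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return con.execute(sql).fetchall()


def find_user_parameterised(con, username):
    """Same query with a bound parameter: the value travels as data and is
    never parsed as SQL, so an injection payload simply matches no row."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return con.execute(sql, (username,)).fetchall()


# Allow-list for a username: character set and length 1..32 (assumed policy).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(value):
    # Type check first, then format/length via an anchored full match.
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None


def is_valid_user_id(value):
    # Type and range: a positive 32-bit integer. bool is excluded explicitly
    # because it is an int subclass and would otherwise pass as 0/1.
    return isinstance(value, int) and not isinstance(value, bool) and 1 <= value <= 2**31 - 1


def find_user_safe(con, username):
    """Validate against the expected type, length and format, then bind."""
    if not is_valid_username(username):
        raise ValueError("username rejected by input validation")
    return find_user_parameterised(con, username)


def find_user_by_id_safe(con, user_id):
    """Validate type and range for a numeric key, then bind."""
    if not is_valid_user_id(user_id):
        raise ValueError("user id rejected by input validation")
    return con.execute("SELECT username, role FROM users WHERE id = ?", (user_id,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(con, payload))          # every row comes back
    print("parameterised:", find_user_parameterised(con, payload))    # []
    print("validated + parameterised:", find_user_safe(con, "alice"))
    print("by id:", find_user_by_id_safe(con, 2))
```

The parameterised query alone is what stops the injection; the validation layer is the separate "at least data type, usually also length, format and range" check the post asks for, and it rejects the payload before any SQL is run, which also gives you a clean place to log the attempt.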