SQL Injection Myths & Fallacies: Best practices of defense

Uploaded by on Dec 6, 2010

SQL injection is one of the most serious threats to web application security. In this presentation, Bill Karwin, author of SQL Antipatterns, will break down some common myths and give you a better understanding of how you can arm your web apps against SQL injection.

** Check out the slides from this presentation at: http://www.marakana.com/f/210 **

Twelve fallacies debunked by Bill include:
- I don't have to worry anymore (SQL injection is an "old" problem)
- Escaping is the fix
- More escaping is better
- I can code an escaping function
- Only user input is unsafe
- Stored procs are the fix
- SQL privileges are the fix
- My app doesn't need to be secure
- Frameworks are the fix
- Parameters quote for you
- Parameters are the fix
- Parameters make queries slow
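
The following is an added example, not code from the talk or its slides, illustrating three of the listed fallacies as I read them (escaping is the fix, parameters quote for you, parameters are the fix) against a constructed SQLite table. It assumes a `users` table with `id`, `name` and `role` columns; all names, data and the `ALLOWED_SORT_COLUMNS` allow-list are invented for the example.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory sample database (not from the talk)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def lookup_concat(conn, name):
    """Fallacy 'escaping is the fix': interpolating a value into the SQL text.
    Even a legitimate apostrophe in the data breaks the statement, and hand-written
    escaping has to be right for every dialect and character set to be safe."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_quoted_placeholder(conn, name):
    """Fallacy 'parameters quote for you': the driver already quotes bound values,
    so wrapping the placeholder in quotes makes it the literal string '?'.
    There is then no placeholder to bind and the driver rejects the argument."""
    sql = "SELECT name FROM users WHERE name = '?'"
    return [row[0] for row in conn.execute(sql, (name,))]


def lookup_param(conn, name):
    """Bind the value as a parameter: it is sent separately from the SQL text,
    so quotes in the data never reach the parser as syntax."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


# Assumed allow-list of sortable columns (example only).
ALLOWED_SORT_COLUMNS = {"id", "name", "role"}


def list_sorted(conn, sort_column):
    """Fallacy 'parameters are the fix': placeholders bind values, never identifiers.
    A column name in ORDER BY has to be checked against an allow-list instead."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = f"SELECT name FROM users ORDER BY {sort_column}"
    return [row[0] for row in conn.execute(sql)]


def demo():
    """Run each lookup against the sample database and report the outcome,
    returning the rows on success or the exception class name on failure."""
    conn = make_db()
    cases = [
        ("concat_plain", lookup_concat, "alice"),
        ("concat_apostrophe", lookup_concat, "o'brien"),
        ("quoted_placeholder", lookup_quoted_placeholder, "alice"),
        ("param_apostrophe", lookup_param, "o'brien"),
        ("sorted_by_name", list_sorted, "name"),
        ("sorted_by_unknown_column", list_sorted, "password"),
    ]
    results = {}
    for label, fn, arg in cases:
        try:
            results[label] = fn(conn, arg)
        except (sqlite3.Error, ValueError) as exc:
            results[label] = type(exc).__name__
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:26} -> {outcome}")
```

The concatenated query fails on an ordinary surname containing an apostrophe, the quoted placeholder never binds anything, and the parameterised lookup handles the same input cleanly; the `ORDER BY` case shows the one place parameters cannot help, where an allow-list of known column names does the job.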

Head over to Marakana TechTV (http://marakana.com/techtv) to see more educational videos on open source.

All Comments (3)

  • If you consider yourself a seasoned programmer and know all the pitfalls of SQL Injection, he is stating obvious problems up until about 27:00. From then on, it starts getting interesting.

  • Please tell the camera man that he has to film the slides.
