SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. . . .
SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack.

In this HNS audio learning session, Caleb Sima, SPI Dynamics CTO, discusses SQL injection attacks, offers practical examples of these vulnerabilities and gives his tips on both how to find and how to immunize SQL injection vulnerabilities.

The link for this article located at net-security.org is no longer available.