by Berislav Kucan - Wednesday, 30 June 2004.
SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack.
In this HNS audio learning session, Caleb Sima, SPI Dynamics
CTO, discusses SQL injection attacks, offers practical examples of these vulnerabilities and gives his tips on both how to find and how to immunize SQL injection vulnerabilities.
Download the session (8.6 MB) in MP3 format: