Lightning Talk C: SQL Injection #52

jamessspanggg opened this issue Apr 7, 2020 · 0 comments


jamessspanggg commented Apr 7, 2020

WIIFY

This talk helps you understand how SQL Injection works, how to prevent it, and how to further protect your user data against the most common web application attack.

Key Points

  • KP1: SQL Injection is a code injection attack that injects and executes malicious SQL code, usually through vulnerable user inputs. Escaping quotes is one of the most basic ways of applying SQL injection.
  • KP2: Some simple measures can reduce the risk of SQL injection:
    • Try not to use string concatenation to construct your SQL queries; use parameterised queries instead.
    • Remember to sanitise, filter and escape your user inputs.
    • There are tools you can use to scan the code for SQL injection vulnerabilities, such as SQL Map and ZAP.

Impact

  • Know: What SQL Injection is, and what the common ways of applying it and preventing it from occurring are.
  • Believe: SQL Injection can happen to any of our applications, and your application data is at risk if preventions are not being done.
  • Do: Be aware of SQL injection and take precautionary measures.
    • Use parameterised queries.
    • Sanitise, filter and escape your user inputs.

Call to Action

Let's do our part and practice safe SQL to protect your user data against malicious SQL injections.

Slides
SQL-Injection.pptx
