How to protect yourself against SQL injection

Roger's (Chief Security Advisor of Microsoft EMEA) blog has some interesting information about the analysis and possible countermeasures of SQL injection:

Understand the current threat and read SQL Injection Attacks on IIS Web Servers on our IIS Blog and Questions about Web Server Attacks on the Microsoft Security Response Center Blog. Once you have done that I think (if you are not already) you should familiarize yourself with these kind of attacks and there are some very good resources and engineer at Microsoft compiled for you:

General Guidance on SQL Injection:

Incident Response with focus on SQL Injection:

And last but not least some MSDN guidance:

(Source: Roger's blog)

(Source: Roger's Blog)

Related posts:

No comments: