A.R.M. Yourself Against SQL Injection

Tuesday, August 08, 2006

To effectively protect your web application from SQL injection attack, you must ARM yourself. That is, when writing applications, be sure to validate all input strings. There are three, and only three, options when given a piece of data:
  • Accept it
  • Reject it
  • Modify it
It might seem obvious that all input must be validated. Too often, webmasters and programmers are focused on getting a working application under time pressure and may not implement the best security practices.

So what does it mean to ARM yourself? Well, one good step is to use the string cleansing functions of your programming language. Also, if a field is supposed to be a number then explictly convert it from a string to number.

I originally talked about this at the ACMSE-2006 conference in May. I will have to write up some more on the topic at a later date.

Posted by Frank Rietta at 6:19 PM

Comments

Post a Comment

Links to This Post

Create a Link

<< Home

"Whenever you find a man who says he doesn't believe in a real Right and Wrong, you will find the same man going back on this a moment later."
-- C.S. Lewis, The Case for Christianity

Recent Posts

Archives

April 2005 / May 2005 / June 2005 / July 2005 / August 2005 / November 2005 / April 2006 / June 2006 / August 2006 / September 2006 / November 2006 / December 2006 / January 2007 / January 2008 /

About Me

My Photo
Name: Frank Rietta
Location: Atlanta, Georgia, United States

I am a software developer who has been marketing on the internet since 1999. I hold an MS in Information Security from the Georgia Institute of Technology, from where I previously earned a BS in Computer Science in 2005. I ran an Atlanta-based web hosting business from 1999 until I sold it in 2005.

View my complete profile

Home | Product List | Privacy | Contact