SQL Injection Attacks – DunDDD 2012
17 November, 2012
The examples were run against a copy of the Adventure Works database.
- Basic Demo (ASP.NET MVC / C# / Visual Studio 2010)
- Second Order Demo (WinForms / C# / Visual Studio 2010)
For the Second Order Demo you need the following table added to the Adventure Works database:
    CREATE TABLE [dbo].[FavouriteSearch](
        [id] [int] IDENTITY(1,1) NOT NULL,
        [name] [nvarchar](128) NOT NULL,
        [searchTerm] [nvarchar](1024) NOT NULL
    ) ON [PRIMARY]
    GO
The slide deck is available for download in PDF format.
During the talk I mentioned a lesson from history on why firewalls are not enough.
I wrote a fuller article on SQL Injection Attacks that you can read here. Although it is a few years old now, it is still relevant given that SQL Injection Attacks remain at the top of the OWASP list of vulnerabilities.