SQL Injection Myths & Fallacies: Best practices of defense скачать в хорошем качестве

SQL Injection Myths & Fallacies: Best practices of defense

SQL injection is one of the most serious threats to web application security. In this presentation, Bill Karwin, author of SQL Antipatterns, will break down some common myths and give you a better understanding of how you can arm your web apps against SQL injection. ** Check out the slides from this presentation at: http://www.marakana.com/f/210 ** Twelve fallacies debunked by Bill include: I don't have to worry anymore (SQL injection is an "old" problem) Escaping is the fix More escaping is better I can code an escaping function Only user input is unsafe Stored procs are the fix SQL privileges are the fix My app doesn't need to be secure Frameworks are the fix Parameters quote for you Parameters are the fix Parameters make queries slow Head over to Marakana TechTV (http://marakana.com/techtv) to see more educational videos on open source