Archive of Defense Dynamic Cursors Execute sp_executesql Stored Procedure
Secure Stored Procedure
Posted in Stored Procedures Defense
Prevent SQL injection attacks against stored procedures. As explained in the article about SQL injection attacks against stored procedures, it is possible to create procedures vulnerable to SQLIA. This article details how you can secure your code against SQL injections. As recommended in...
Stored Procedure Attacks
Posted in Procedures
Understand SQL injection attacks against stored procedures and functions. It is often believed that stored procedures are not vulnerable to SQL injection attacks, but the reality is totally different. In fact, stored procedures and PL/SQL can be vulnerable to SQLIA. This article covers the different situations...
Secure PL/SQL
Posted in Stored Procedures Defense
Prevent SQL injection attacks against PL/SQL. As explained in the article about SQL injection attacks against PL/SQL, it is possible to create procedures vulnerable to SQLIA. This article details how you can secure PL/SQL code against SQL injections by making only...
PL/SQL Attacks
Posted in PL/SQL
Understand SQL injection attacks against PL/SQL. PL/SQL, like stored procedures, can be vulnerable to SQL injection attacks. When PL/SQL code integrates user input into a query and executes it, we encounter exactly the same problem we have when we build a classic dynamic query. In...
Stacked Queries
Posted in SQL Injection Techniques
Execute multiple statements in the same query to extend the possibilities of SQL injections. Stacked queries provide a lot of control to the attacker. By terminating the original query and adding a new one, it becomes possible to modify data and call stored procedures. This technique is widely used in SQL injection attacks...