Joseph Sinclair gives us the experiential slant, as usual!
*
*
I like the full set of Backend tools from OWASP:
http://www.owasp.org/index.php/OWASP_Backend_Security_Project_Tools i.e.
SQL Dumper
I really like the OWASP site for their comprehensive study of this subject:
http://www.owasp.org/ind
It's not going to find everything, and it's definitely not a fully-automated
tool, but I find the SQLInjectMe plugin for Firefox to be a very useful tool
for SQL injection testing.
For more automated scanning, you might try Wikto
(http://www.sensepost.com/research/wikto/), although I don't know
The classic recommendation to protect yourself from SQL injection is to
use parameterized queries religiously. A potential SQL injection point
is anywhere you concatenate SQL including user-contributed text instead
of putting the user text into a SQL parameter.
A side effect of parameterized que
On Tue, Dec 1, 2009 at 7:16 PM, Joe wrote:
> Hey all,
>
> Can anyone (Lisa, I'm looking in your direction) recommend a decent SQL
> injection scanner? I don't really care if it's server-side or
> client-side since it's my server, and I don't need to *exploit* the
> injection points, I just need a
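The "concatenate versus parameterize" distinction raised in the reply above, shown as an added example (not code from any poster in this thread): a concatenated lookup beside its parameterized form, run against a constructed in-memory SQLite table with two rows and one crafted input. The table, the row values and the `CRAFTED` string are all assumptions made for the demonstration; the point is that the same input returns every row through the concatenated query and nothing through the bound parameter, which is exactly the behaviour a scanner is probing for.

```python
import sqlite3


def make_db():
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_concat(conn, name):
    """Injection point: user text is spliced into the SQL string.

    Whatever the caller passes becomes part of the statement text, so
    quotes and keywords in the input are parsed as SQL, not as a value.
    """
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Hardened form: the same query with the user text bound as a parameter.

    The statement text is fixed; the driver hands the value to the engine
    separately, so the input can only ever match (or fail to match) a name.
    """
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed probe input of the kind an injection scanner submits: it is
# syntactically a string that closes the quote and appends an always-true
# condition when concatenated, and just an odd-looking name when bound.
CRAFTED = "x' OR '1'='1"


def demo(name=CRAFTED):
    """Return (rows from the concatenated query, rows from the bound query)."""
    conn = make_db()
    try:
        return lookup_concat(conn, name), lookup_param(conn, name)
    finally:
        conn.close()


if __name__ == "__main__":
    concat_rows, param_rows = demo()
    print("concatenated query returned:", concat_rows)  # every user
    print("parameterized query returned:", param_rows)  # no match
```

Running `demo()` is a quick way to sanity-check a data-access layer during a review: if a function behaves like `lookup_concat` for this input, it is an injection point regardless of what the surrounding application does, and the fix is the one the reply describes, moving the user text into a parameter rather than trying to filter it.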