A new article in the September 2004 issue of MSDN Magazine talks about SQL Injection attacks and how you can test for the vulnerabilities and avoid them by validating user input and handing website exceptions.
The article goes a little further and discusses password hashing and how to encrypt a connection string for your web.config file.
Experienced developers will find the article old hat, but if you are new to SQL Injection Attacks and .NET Security, it is a great primer.
The magazine article is located here.
You might want to browse a list of my posts on ASP.NET Security as well as read another one of my posts on SQL Injection Attacks.
|
Main
News
 
 
Green Tea
 
 
.NET Development
 
 
Enterprise Library
Patterns & Practices
|