Skip to content

August 22, 2010

Bobby Tables: A Guide to Preventing SQL Injection

Just came across Bobby-tables.com whilst Stumbling through the ether that is the interwebs.

XKCD strip: bobby-tables

Source: XKCD

The aim of the site is to educate software developers (or anyone else interested in development) in the proper manner in which input should be validated prior to being passed into database queries. There are examples for ASP, ColdFusion, C#, Delphi, .NET, Java, Perl, PHP, PostgreSQL, Python, Ruby, and Schema… what, no COBOL?!

Their core recommendations are sound:

  • Do not create SQL statements that include outside data.
  • Use parameterized SQL calls.

Useful resource. Just thought I’d share.

Related posts:

  1. WordPress <= 3.0.1 Authenticated SQL Injection 0day [Patched]
  2. Wikileaks Releases 250k US Embassy Cables (Chinese Gov’t Responsible for Google Attacks)
  3. Anonymous Deface Westboro Baptist Church Site Live On Air
  4. Pwn Plug Command Execution Using USB Sticks
  5. Hi, I’m a Pen(etration) Tester!
Read more from General, Security, Hacking
, , , , ,

Share your thoughts, post a comment.

(required)
(required)

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

css.php