Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

tool for sql injection

Posted on 2013-02-04
3
Medium Priority
?
210 Views
Last Modified: 2013-02-28
my security report came back saying that 1 of my pages could be atacked by sql injection.  Is there agood test tool for free if possible?
0
Comment
Question by:Wigging
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 22

Assisted Solution

by:plusone3055
plusone3055 earned 600 total points
ID: 38851164
0
 
LVL 9

Accepted Solution

by:
WebDevEM earned 800 total points
ID: 38851183
Hi Wigging,

You'd be amazed how often that happens and people don't know it until after they're hacked into... Most times it turns out to be something simple like executing a query based on text that either the user has entered or can be modified between the user and the page that will execute it.  

I used a tool called "Burp" to test a site a while back that my client had found vulnerabilities in.  There is a paid version which will actively search for issues, but the free version worked well for me when I knew what pages to focus on.  It's been a few years since I used it though, so I'm afraid I won't be able to offer any specific advice in the tool.

I hope this helps,

WebDevEM
0
 
LVL 83

Assisted Solution

by:CodeCruiser
CodeCruiser earned 600 total points
ID: 38854454
You can make sure you do not use concatenation with your SQL queries and you will stop SQL injection.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're writing a .NET application to connect to an Access .mdb database and use pre-existing queries that require parameters, you've come to the right place! Let's say the pre-existing query(qryCust) in Access takes a Date as a parameter and l…
A while ago, I was working on a Windows Forms application and I needed a special label control with reflection (glass) effect to show some titles in a stylish way. I've always enjoyed working with graphics, but it's never too clever to re-invent …
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question