Solved

tool for sql injection

Posted on 2013-02-04
3
205 Views
Last Modified: 2013-02-28
my security report came back saying that 1 of my pages could be atacked by sql injection.  Is there agood test tool for free if possible?
0
Comment
Question by:Wigging
3 Comments
 
LVL 22

Assisted Solution

by:plusone3055
plusone3055 earned 150 total points
ID: 38851164
0
 
LVL 9

Accepted Solution

by:
WebDevEM earned 200 total points
ID: 38851183
Hi Wigging,

You'd be amazed how often that happens and people don't know it until after they're hacked into... Most times it turns out to be something simple like executing a query based on text that either the user has entered or can be modified between the user and the page that will execute it.  

I used a tool called "Burp" to test a site a while back that my client had found vulnerabilities in.  There is a paid version which will actively search for issues, but the free version worked well for me when I knew what pages to focus on.  It's been a few years since I used it though, so I'm afraid I won't be able to offer any specific advice in the tool.

I hope this helps,

WebDevEM
0
 
LVL 83

Assisted Solution

by:CodeCruiser
CodeCruiser earned 150 total points
ID: 38854454
You can make sure you do not use concatenation with your SQL queries and you will stop SQL injection.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're writing a .NET application to connect to an Access .mdb database and use pre-existing queries that require parameters, you've come to the right place! Let's say the pre-existing query(qryCust) in Access takes a Date as a parameter and l…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question