Solved

tool for sql injection

Posted on 2013-02-04
3
203 Views
Last Modified: 2013-02-28
my security report came back saying that 1 of my pages could be atacked by sql injection.  Is there agood test tool for free if possible?
0
Comment
Question by:Wigging
3 Comments
 
LVL 22

Assisted Solution

by:plusone3055
plusone3055 earned 150 total points
ID: 38851164
0
 
LVL 9

Accepted Solution

by:
WebDevEM earned 200 total points
ID: 38851183
Hi Wigging,

You'd be amazed how often that happens and people don't know it until after they're hacked into... Most times it turns out to be something simple like executing a query based on text that either the user has entered or can be modified between the user and the page that will execute it.  

I used a tool called "Burp" to test a site a while back that my client had found vulnerabilities in.  There is a paid version which will actively search for issues, but the free version worked well for me when I knew what pages to focus on.  It's been a few years since I used it though, so I'm afraid I won't be able to offer any specific advice in the tool.

I hope this helps,

WebDevEM
0
 
LVL 83

Assisted Solution

by:CodeCruiser
CodeCruiser earned 150 total points
ID: 38854454
You can make sure you do not use concatenation with your SQL queries and you will stop SQL injection.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Recommendation vb6 to vb.net or others 14 112
LINQ - C# to VB convertion 12 48
VB.net/WinForms: adjust Screen Resolution 6 42
Put window Form inside tab page 10 26
I think the Typed DataTable and Typed DataSet are very good options when working with data, but I don't like auto-generated code. First, I create an Abstract Class for my DataTables Common Code.  This class Inherits from DataTable. Also, it can …
The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now