Article - Security Testing Reference : SQL Injection

Resource

Article [7191]

General [1034]

Acceptance [63]

Ad Hoc [28]

Agile, Scrum [230]

Black Box [117]

Bug, Defect [258]

DB, Test Data [274]

Environment [41]

Functional [116]

Glossary, Term [74]

GUI, Usability [98]

Integrate test [46]

Interview, FAQ [288]

Manual Testing [117]

Methodology [231]

Metrics [327]

Mobile, Embed [153]

Performance [327]

Process [194]

Requirement [124]

Review, Static [102]

Risk [99]

Security Test [215]

Standard, ISO [179]

Test Automate [352]

Test Case [340]

Test Design [69]

Test Plan [311]

Test Manage [227]

Test Script [56]

Test Technique [265]

Tool [178]

Tool- Jmeter [40]

Tool- Selenium [125]

Unit Test [165]

Web Test [258]

White Box [70]

Ebook [1164]

General [277]

Acceptance [3]

Agile, Scrum [24]

DB Test [76]

Development [137]

GUI, Usability [17]

Interview, FAQ [9]

Java Test [69]

Metrics [17]

Mobile, Embed [14]

Performance [49]

Process [11]

Requirement [55]

Review, Analysis [8]

Risk [7]

Security Test [71]

Standard [20]

Test Manage [85]

Test Automate [84]

Tool [8]

Unit Test [67]

Web Test [60]

Testing Tool [2275]

Acceptance [25]

Agile, Scrum [42]

Bug Tracking [127]

Build, Release [27]

Environment [58]

DB, Test Data [83]

Functional [240]

GUI, Usability [79]

Java Test [71]

Metrics [57]

Mobile, Embed [79]

Network Test [67]

Performance [221]

Requirement [62]

Review, Static [105]

Security Test [111]

Test Design [52]

Test Manage [208]

Unit, Debug [224]

Utility, Capture [97]

Web Testing [234]

Magazine [500]

Magazine [301]

Newsletter [198]

Video [622]

Link [813]

Blog [159]

Resources [380]

Website [240]

Tools [30]

News [2773]

Conference [490]

2013 [17]

2012 [39]

2011 [104]

2010 [180]

2009 and Older [149]

Webinar [914]

Jobs [869]

Test Lead [93]

SQA, QA [255]

Tester [413]

Automate, QTP [89]

Security Tester [18]

Certification Resource

CTFL [607]

Manual [349]

Sample Exam [256]

CTAL [269]

CTEL [35]

CSTE, CSQA [198]

CSQE [41]

CMMI, TMMI [135]

PMP [114]

ITIL [67]

Six Sigma [41]

HP [1185]

QTP [737]

Quality Center [167]

LoadRunner [206]

Winrunner [39]

Others [36]

IBM [122]

RFT [32]

RPT [11]

RTM [19]

RUP [15]

Others [45]

MicroFocus [76]

Compuware [22]

Borland [33]

Other [80]

Forum

Forum [1935]

Book [56]

Certification [48]

Conference [64]

ISTQB [158]

QTP [92]

Software Test [1062]

Standard, ISO [89]

Testing Tool [287]

Resource > Articles & Papers

Total Articles 215

Join
Login

Security Testing Reference : SQL Injection

steviiy

http://www.vietnamesetestingboard.org/zbxe/?document_srl=394130

2010.10.04 02:56:51

2155

Security Test

Table of Contents
OVERVIEW    3
WHAT ARE PERSONAS    3
Business Decision Maker    4
Architect    4
Developer    4
Tester/QA    4
UNDERSTANDING SQL INJECTION FOR THE BUSINESS DECISION MAKER    4
Risk    4
Business Impact    5
Fixing the Code    6
Resources and Training for Business Decision Makers    7
UNDERSTANDING SQL INJECTION FOR THE ARCHITECT/PM    7
Identifying the Problem    7
Common SQL Injection Attacks    7
Designing a Fix    7
Tools for Designing Software That Prevents SQL Injection Vulnerabilities    9
Resources and Training for Architects/PMs    9
UNDERSTANDING SQL INJECTION ATTACKS FOR THE DEVELOPER    9
Example of SQL Injection    9
Example of a SQL Injection by Truncation Attack    10
Writing Secure Code    12
Constrain Input    12
Use Parameterized SQL Queries    13
Use Proper Escaping Techniques to Handle Special Input Characters    14
Calculate Buffer Lengths Properly    15
Additional Considerations    16
Use a Least-Privileged Database Account    16
Avoid Disclosing Detailed Error Information    16
Tools and Libraries    17
Resources and Training for Developers    17
UNDERSTANDING SQL INJECTION VULNERABILITIES FOR THE TESTER/QA    17
Map Out the Site and Its Functionality    17
Start Testing and Pay Attention to the Output    18
Techniques for Finding Various Types of SQL Injection Vulnerabilities    18
Code Reviews    18
Building Improvements into Black Box Testing    19
Tools You Can Use    19
Resources and Training for Testers    19
THE MICROSOFT SDL AND PREVENTING SQL INJECTION ATTACKS    20
Long-Term Solutions    20
CONCLUSION    21
ACKNOWLEDGMENTS    21

You would..

Related Documents

Security Testing Reference - SQL Injection.docx (601.2KB)(10)

List

2010.10.04 12:36:20

proftester

Thank you for your file.

2011.03.29 16:47:43

MrJi

your file is helpful to me

2011.06.09 13:49:36

blackrose

Thank you!

2012.03.15 18:16:12

balaji4m

Its really usefull information.

Thanks

2012.03.31 04:38:14

vikasrao

thank you.

2013.03.20 10:57:23

nguyenptvn

thanks a lot

No.		Author
215	Lightweight Directory Access Protocol (LDAP) Injection 2	socrates
214	Coding and Cryptography 1	deepu.1
213	Authentication General Guidelines 1	socrates
212	HOW TO START AN ONLINE BUSINESS 4	oyinlami
211	IEC standard for hazardous area 1	tinmyothaw
210	Cross Site Scripting Explained 2	satyaneer77
209	SQL Injection Explained 5	satyaneer77
208	Document About Cookie 2	vinee
207	An Approach for Security Testing	faissey360
206	What Can be Done to Make Your Software Secure? 3	estrella
205	Selecting Security Testing Tactics	estrella
204	Some Facts about Security Testing 2	estrella
203	Is Your Website Hackable? 1	mercurial4u
202	Web Application Scanners Accuracy Assessment & Feature Comparison Commercial & Open Source Scanners 1	mercurial4u
201	Code Security Review Guidelines	mercurial4u
200	Security Test Cases 3	incredible
199	Security Testing for Web Applications 1	TPTSESHU
198	Security Testing Fundamentals 1	incredible
197	OWASP Web Application Penetration Checklist	yssram
196	Security Testing for Web Applications 2	TPTSESHU
195	Security TestCases for all the type of Security testing Types 10	sonyqa
194	Web Application Security Testing CheckList 9	sonyqa
193	User Guide for Paros v2.x 1	Chanty
192	Security Testing Techniques 2	kool-eTester
191	What is Security testing and what are the main things to test in Security Testing?	kool-eTester
190	Manual Penetration Testinng 4	kool-eTester
189	Simplified Implementation of the Microsoft SDL 1	kool-eTester
188	10 Free and Open Source Tools For Security Testing 7	priyastrivedi
187	Understanding Security Testing 1	chkm32
186	Are your web applications vulnerable? 3	reallifel
185	Software Testing – Security Testing	epi.test.hn
184	Security Penetration Testing 5	vaishali31
183	Software Security Testing 3	Subrat
182	Security testing 2	vinu81
181	The 2011 (ISC)2 Global Information Security Workforce Study 1	Afroze
180	What does security means 1	MalkhedeMM
179	Website Security Testing 7	indiareks
178	Details of Requirements for Network Vulnerability Assessment and Network Performance Analysis - Audit	rock1999
177	Paros Proxy Installation help	Jaden
176	Vulnerability Assessment	inaxis
175	XSS Vulnerability testing 1	Jaden
174	SQL Injection 5	marrisa
173	Linux and putty	pank987
172	security testing fundamentals 1	reallifel
171	Pen-test tools pocket reference guide 2	Albator
170	OWASP Testing Guide 5	ksiang
169	An approach for Security Testing of Web Applications 4	h2pqmin
168	SQL - injection: How to Test web applications against SQL attacks 6	h2pqmin
167	100+ Open Source/Free Security Tools 4	vivekjog
166	Password Recovery for Security Testing 1	Commander