
Difference between revisions of "Talk:OWASP Testing Guide v2 Table of Contents"

From OWASP
(2 intermediate revisions by one other user not shown)
I believe that publishing this SQL injection as a test method is extremely dangerous. While professional testers know not to drop tables from databases, inexperienced testers or malicious users could attempt this on sites with potentially disastrous effects.
+
The ToC must have an authZ chapter. There's plenty of authZ content, it just needs to be moved from business logic testing to a new chapter. [[User:Vanderaj|Vanderaj]] 20:22, 15 January 2007 (EST)
 
 
<pre>
SELECT id FROM users WHERE name='' AND pass=''; DROP TABLE users;
</pre>
 
 
 
I would recommend using a more benign SQL injection example, such as:
 
 
 
<pre>
SELECT id FROM users WHERE name=''or+1=1--' AND pass='';
</pre>
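As an added example that is not part of the original discussion: the benign probe recommended above, run in Python against a constructed in-memory SQLite database. It shows why that string is enough to prove the flaw (the concatenated login query is bypassed) while the users table is left untouched, and that the same query with bound parameters is not bypassed. The table and column names follow the examples above; the sample rows, the function names and the probe() report format are constructed for this illustration and are not OWASP code.

```python
import sqlite3

# Constructed sample schema; table and column names match the talk page examples.
SCHEMA = [
    "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, pass TEXT NOT NULL)",
    "INSERT INTO users (name, pass) VALUES ('alice', 'correct-horse')",
    "INSERT INTO users (name, pass) VALUES ('bob', 'battery-staple')",
]

# The non-destructive probe from the comment above: closes the name literal,
# adds an always-true condition, and comments out the rest of the WHERE clause.
BENIGN_PROBE = "' or 1=1--"


def make_db() -> sqlite3.Connection:
    """In-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    for stmt in SCHEMA:
        conn.execute(stmt)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str):
    """The defect under discussion: user input is spliced into the SQL text."""
    sql = f"SELECT id FROM users WHERE name='{name}' AND pass='{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, name: str, password: str):
    """Same query with bound parameters: the driver passes input as data, never as SQL."""
    sql = "SELECT id FROM users WHERE name=? AND pass=?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None


def probe(login_fn) -> dict:
    """Run the benign probe against a login function and report what it showed.

    'bypassed' is True when the probe logs in without a valid password;
    'table_intact' confirms the row count is unchanged afterwards, which is the
    property that makes this probe usable as a test method.
    """
    conn = make_db()
    rows_before = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    user_id = login_fn(conn, BENIGN_PROBE, "not-the-password")
    rows_after = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return {
        "bypassed": user_id is not None,
        "user_id": user_id,
        "table_intact": rows_before == rows_after == len(SCHEMA) - 1,
    }


if __name__ == "__main__":
    print("concatenated query:", probe(login_vulnerable))
    print("parameterized query:", probe(login_parameterized))
```

Running it, the concatenated query reports a bypass (the first user id comes back) with the table intact, and the parameterized query reports no bypass: the whole probe string is compared against the name column as a literal value.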
 

Latest revision as of 01:22, 16 January 2007

The ToC must have an authZ chapter. There's plenty of authZ content, it just needs to be moved from business logic testing to a new chapter. Vanderaj 20:22, 15 January 2007 (EST)