This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Testing for SQL Server"

From OWASP
Jump to: navigation, search
 
(Short Description of the Issue (Topic and Explanation))
Line 2: Line 2:
  
 
== Short Description of the Issue (Topic and Explanation) ==  
 
== Short Description of the Issue (Topic and Explanation) ==  
...<br>
+
[[http://www.owasp.org/index.php/SQL_Injection_AoC SQL injection vulnerabilities]] occur whenever input is used in the construction of an SQL query without being adequately constrained or sanitized. The use of dynamic SQL (the construction of SQL queries by concatenation of strings) opens the door to these vulnerabilities. SQL injection allows an attacker to access the SQL servers. It allows for the execution of SQL code under the privileges of the user used to connect to the database.
 +
 
 +
The Microsoft SQL server has a few particularities so that some exploits need to be specially customized for this application. That's the subject of this section.
  
 
== Black Box testing and example ==
 
== Black Box testing and example ==

Revision as of 20:44, 3 November 2006

OWASP Testing Guide v2 Table of Contents

Short Description of the Issue (Topic and Explanation)

[SQL injection vulnerabilities] occur whenever input is used in the construction of an SQL query without being adequately constrained or sanitized. The use of dynamic SQL (the construction of SQL queries by concatenation of strings) opens the door to these vulnerabilities. SQL injection allows an attacker to access the SQL servers. It allows for the execution of SQL code under the privileges of the user used to connect to the database.

The Microsoft SQL server has a few particularities so that some exploits need to be specially customized for this application. That's the subject of this section.

Black Box testing and example

Testing for Topic X vulnerabilities:
...
Result Expected:
...

Gray Box testing and example

Testing for Topic X vulnerabilities:
...
Result Expected:
...

References

Whitepapers
...
Tools
...


OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents OWASP Testing Guide v2 Table of Contents

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.