This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Testing for SQL Server
OWASP Testing Guide v2 Table of Contents
Short Description of the Issue (Topic and Explanation)
[SQL injection vulnerabilities] occur whenever input is used in the construction of an SQL query without being adequately constrained or sanitized. The use of dynamic SQL (the construction of SQL queries by concatenation of strings) opens the door to these vulnerabilities. SQL injection allows an attacker to access the SQL servers. It allows for the execution of SQL code under the privileges of the user used to connect to the database.
The Microsoft SQL server has a few particularities so that some exploits need to be specially customized for this application. That's the subject of this section.
Black Box testing and example
Testing for Topic X vulnerabilities:
...
Result Expected:
...
Gray Box testing and example
Testing for Topic X vulnerabilities:
...
Result Expected:
...
References
Whitepapers
...
Tools
...
OWASP Testing Guide v2
Here is the OWASP Testing Guide v2 Table of Contents OWASP Testing Guide v2 Table of Contents
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
