
Difference between revisions of "Category:SQL"

 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This category is used for tagging anything related to SQL.  
+
{{taggedDocument
 +
| type=inactiveDraft
 +
| lastRevision=2016-07-30
 +
| comment=Incomplete draft content.Possible duplicated info in OWASP guides
 +
}}
 +
= Main =
  
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
== About  ==
 +
 +
The OWASP SQL and database Scripting Technology Knowledge Base is the clearing house for all information related to building secure database related applications, as well as services based on SQL and SQL scripting technologies. The focus of the project is on guidance for developers and architects using SQL frameworks, on SQL based technologies for web and distributed application development, on OWASP components that deal with SQL related topics and on participation in OWASP projects that use SQL, PL/SQL, SQL scripting languages and related technologies. Moreover, we aim to provide security related guidance for system administrators managing SQL based applications and tools.
 +
 +
Community content is key to security information. The project depends on content from developers throughout the SQL, PL/SQL and database programming ecosystem.
 +
 +
==Purpose==
 +
 +
* Provide deep, rich guidance for SQL, PL/SQL and similar languages, as well as database developers in general, in using the security features of SQL, SQL frameworks and various databases.
 +
* Address security in relation to the SQL, PL/SQL and derived scripting technologies, including database programming.
 +
* Guide system administrators in managing database components and applications - always in relation to security.
 +
* Create guidance for use of OWASP components that are designed for use with SQL and databases.
 +
* Focus on information about working with and on OWASP tools built using SQL or related SQL technologies.
 +
* Provide a stream of security related information, like vulnerabilities and security patches, related to the SQL and database security universe.
 +
* Build an ecosystem allowing to all actors interested to discuss, share and learn.
 +
 +
 +
== Licensing ==
 +
 +
OWASP SQL Technology Knowledge Base is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
 +
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
== Team ==
 +
 +
Lead: none.
 +
 +
 +
 +
<br/>
 +
 +
== Meta ==
 +
 +
Last Update: 1/2016
 +
 +
<br/>
 +
 +
== Other Resources ==
 +
 +
 +
<br/>
 +
 +
== Related Projects ==
 +
 +
* [[OWASP_Project|OWASP Project Repository]]
 +
* [[Language|Languages Repository]]
 +
* [[OWASP_.NET_Project|.NET Project]]
 +
* [[Ruby|Ruby]]
 +
* [[PHP|PHP]]
 +
* [[Perl|Perl]]
 +
* [[Python|Python]]
 +
* [[JavaScript|JavaScript]]
 +
* [[C/C++|C/C++]]
 +
* [[SQL|SQL, PL/SQL, DB Scripting]]
 +
* [[OWASP_Internet_of_Things_Project|OWASP IoT Security]]
 +
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security]]
 +
 +
|}
 +
 +
= Related Resources =
 +
 +
{| style="padding:0; margin:0; margin-top:10px; text-align:left; width:100%;" |-
 +
| valign="top" style="border-right: 1px dotted gray; padding-right:25px; width:30%; float:left;" |
 +
 +
== Mailing List ==
 +
 +
(none)
 +
 +
| valign="top" style="padding-left:25px; width:30%; min-width:30%; border-right:1px dotted gray; padding-right:25px; float:left;" |
 +
 +
== Twitter Feed ==
 +
 +
None.
 +
 +
 +
| valign="top" style="padding-left:25px; width:30%; float:left;" |
 +
 +
== Code Repository ==
 +
 +
None.
 +
 +
|}
 +
 +
== Related Project Resources ==
 +
 +
 +
[[OWASP_Project|OWASP Project Repository]]
 +
 +
[[Language|Languages Repository]]
 +
 +
[[OWASP_.NET_Project|.NET Project]]
 +
 +
[[Ruby|Ruby Technology Knowledge Base]]
 +
 +
[[PHP|PHP Technology Knowledge Base]]
 +
 +
[[Perl|Perl Technology Knowledge Base]]
 +
 +
[[Python|Python Technology Knowledge Base]]
 +
 +
[[JavaScript|JavaScript Technology Knowledge Base]]
 +
 +
[[C/C++|C/C++ Technology Knowledge Base]]
 +
 +
[[SQL|SQL, PL/SQL and DB Scripting Technology Knowledge Base]]
 +
 +
[[OWASP_Internet_of_Things_Project|OWASP IoT Security Project]]
 +
 +
[[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
 +
 +
= Project Pages =
 +
 +
<br/>
 +
 +
== PL/SQL ==
 +
 +
'''Pages under review'''
 +
 +
* [[PL/SQL:SQL Injection]]
 +
* [[PL/SQL:Cursor Injection]]
 +
* [[PL/SQL:Dangling Cursor Snarfing]]
 +
* [[PL/SQL:Buffer overflow]]
 +
* [[PL/SQL:Privilege escalation]]
 +
 +
<br/>
 +
 +
<br/>
 +
 +
 +
== Documents ==
 +
 +
[[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]
 +
 +
[[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
 +
 +
[[Cheat_Sheets|OWASP Cheat Sheets Series]]
 +
 +
[[OWASP_Testing_Project|OWASP Testing Project]]
 +
 +
[[OWASP_Top_Ten_Project|OWASP Web Top 10]]
 +
 +
[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory]]
 +
 +
<br/>
 +
 +
<br/>
 +
 +
 +
 +
 +
 +
= Technologies =
 +
 +
== SQL ==
 +
 +
SQL (Structured Query Language) is a special-purpose programming language designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).
 +
 +
SQL was one of the first commercial languages for Edgar F. Codd's relational model, as described in his influential 1970 paper, "A Relational Model of Data for Large Shared Data Banks.". Despite not entirely adhering to the relational model as described by Codd, it became the most widely used database language.
 +
 +
SQL became a standard of the American National Standards Institute (ANSI) in 1986, and of the International Organization for Standardization (ISO) in 1987. Since then, the standard has been revised to include a larger set of features. Despite the existence of such standards, though, most SQL code is not completely portable among different database systems without adjustments.
 +
 +
https://en.wikipedia.org/wiki/SQL
 +
 +
<br/>
 +
 +
== PL/SQL ==
 +
 +
PL/SQL (Procedural Language/Structured Query Language) is Oracle(tm) Corporation's proprietary procedural extension to the SQL database language. Some other SQL database management systems offer similar extensions to the SQL language. PL/SQL's syntax strongly resembles that of ADA.
 +
 +
The key strength of PL/SQL is its tight integration with the Oracle database.
 +
 +
PL/SQL is one of three languages embedded in the Oracle Database, the other two being SQL and Java.
 +
 +
http://en.wikipedia.org/wiki/PL/SQL
 +
 +
<br/>
 +
 +
== SQL PL ==
 +
 +
SQL PL stands for Structured Query Language Procedural Language and was developed by IBM as a set of commands that extend the use of SQL in the IBM DB2 (DB2 UDB Version 7) database system. It provides procedural programmability in addition to the querying commands of SQL. It is a subset of the SQL Persistent Stored Modules (SQL/PSM) language standard.
 +
 +
https://en.wikipedia.org/wiki/SQL_PL
 +
 +
<br/>
 +
 +
== Transact-SQL ==
 +
 +
Transact-SQL (T-SQL) is Microsoft's and Sybase's proprietary extension to SQL. SQL, the acronym for Structured Query Language, is a standardized computer language that was originally developed by IBM for querying, altering and defining relational databases, using declarative statements. T-SQL expands on the SQL standard to include procedural programming, local variables, various support functions for string processing, date processing, mathematics, etc. and changes to the DELETE and UPDATE statements. These additional features make Transact-SQL Turing complete.
 +
 +
Transact-SQL is central to using Microsoft SQL Server. All applications that communicate with an instance of SQL Server do so by sending Transact-SQL statements to the server, regardless of the user interface of the application.
 +
 +
https://en.wikipedia.org/wiki/Transact-SQL
 +
 +
 +
 +
 +
 +
= Get involved =
 +
 +
 +
<TBD>
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
= Archives =
 +
 +
(nothing)
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
__NOTOC__
 +
<headertabs />
 +
 +
<br/>
 +
 +
 +
'''IMPORTANT: all pages of these project are currently under review. A lot are outdated and are in the process of being removed or updated.'''
 +
 +
<!-- Wikimedia insert  classified list here -->
 +
 +
[[Category:Technology]]
 
[[Category:Language]]
 
[[Category:Language]]
[[Category:Database]]
 
[[Category:Technology]]
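
Review bot: The external link in the Licensing section is malformed. The line reads "the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license]" with a closing bracket and no opening one, so it renders as a bare URL followed by a stray "]"; add the leading "[" before the URL. In the taggedDocument block, "comment=Incomplete draft content.Possible duplicated info" is missing a space after the full stop. At the end of the page the visible lines show [[Category:Language]] and [[Category:Technology]] twice each, so check that the resulting revision carries each category tag only once. The "Get involved" tab contains only "<TBD>" and "Archives" only "(nothing)"; consider leaving those tabs out until they have content.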
 

Latest revision as of 20:57, 30 July 2016

This page contains draft content that has never been finished. Please help OWASP update this content! See FixME.
Last revision (yyyy-mm-dd): 2016-07-30
Comment: Incomplete draft content. Possible duplicated info in OWASP guides

About

The OWASP SQL and database Scripting Technology Knowledge Base is the clearing house for all information related to building secure database related applications, as well as services based on SQL and SQL scripting technologies. The focus of the project is on guidance for developers and architects using SQL frameworks, on SQL based technologies for web and distributed application development, on OWASP components that deal with SQL related topics and on participation in OWASP projects that use SQL, PL/SQL, SQL scripting languages and related technologies. Moreover, we aim to provide security related guidance for system administrators managing SQL based applications and tools.

Community content is key to security information. The project depends on content from developers throughout the SQL, PL/SQL and database programming ecosystem.

Purpose

  • Provide deep, rich guidance for developers working in SQL, PL/SQL and similar languages, as well as database developers in general, on using the security features of SQL, SQL frameworks and various databases.
  • Address security in relation to the SQL, PL/SQL and derived scripting technologies, including database programming.
  • Guide system administrators in managing database components and applications - always in relation to security.
  • Create guidance for use of OWASP components that are designed for use with SQL and databases.
  • Focus on information about working with and on OWASP tools built using SQL or related SQL technologies.
  • Provide a stream of security related information, like vulnerabilities and security patches, related to the SQL and database security universe.
  • Build an ecosystem that allows all interested parties to discuss, share and learn.


Licensing

OWASP SQL Technology Knowledge Base is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon this work, you distribute the resulting work only under the same or similar license to this one.

Team

Lead: none.



Meta

Last Update: 1/2016


Other Resources


Related Projects

SQL

SQL (Structured Query Language) is a special-purpose programming language designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).

SQL was one of the first commercial languages for Edgar F. Codd's relational model, as described in his influential 1970 paper, "A Relational Model of Data for Large Shared Data Banks." Despite not entirely adhering to the relational model as described by Codd, it became the most widely used database language.

SQL became a standard of the American National Standards Institute (ANSI) in 1986, and of the International Organization for Standardization (ISO) in 1987. Since then, the standard has been revised to include a larger set of features. Despite the existence of such standards, though, most SQL code is not completely portable among different database systems without adjustments.

https://en.wikipedia.org/wiki/SQL


PL/SQL

PL/SQL (Procedural Language/Structured Query Language) is Oracle Corporation's proprietary procedural extension to the SQL database language. Some other SQL database management systems offer similar extensions to the SQL language. PL/SQL's syntax strongly resembles that of Ada.

The key strength of PL/SQL is its tight integration with the Oracle database.

PL/SQL is one of three languages embedded in the Oracle Database, the other two being SQL and Java.

http://en.wikipedia.org/wiki/PL/SQL


SQL PL

SQL PL stands for Structured Query Language Procedural Language and was developed by IBM as a set of commands that extend the use of SQL in the IBM DB2 (DB2 UDB Version 7) database system. It provides procedural programmability in addition to the querying commands of SQL. It is a subset of the SQL Persistent Stored Modules (SQL/PSM) language standard.

https://en.wikipedia.org/wiki/SQL_PL


Transact-SQL

Transact-SQL (T-SQL) is Microsoft's and Sybase's proprietary extension to SQL. SQL, the acronym for Structured Query Language, is a standardized computer language that was originally developed by IBM for querying, altering and defining relational databases, using declarative statements. T-SQL expands on the SQL standard to include procedural programming, local variables, various support functions for string processing, date processing, mathematics, etc. and changes to the DELETE and UPDATE statements. These additional features make Transact-SQL Turing complete.

Transact-SQL is central to using Microsoft SQL Server. All applications that communicate with an instance of SQL Server do so by sending Transact-SQL statements to the server, regardless of the user interface of the application.

https://en.wikipedia.org/wiki/Transact-SQL



<TBD>





(nothing)









IMPORTANT: all pages of this project are currently under review. Many are outdated and are in the process of being removed or updated.

Subcategories

This category has the following 2 subcategories, out of 2 total.

O

Pages in category "SQL"

The following 2 pages are in this category, out of 2 total.