

Revision as of 20:57, 30 July 2016 by Johanna Curiel (talk | contribs)

This page contains draft content that has never been finished. Please help OWASP update this content! See FixME.
Last revision (yyyy-mm-dd): 2016-07-30
Comment: Incomplete draft content.Possible duplicated info in OWASP guides


The OWASP SQL and database Scripting Technology Knowledge Base is the clearing house for all information related to building secure database related applications, as well as services based on SQL and SQL scripting technologies. The focus of the project is on guidance for developers and architects using SQL frameworks, on SQL based technologies for web and distributed application development, on OWASP components that deal with SQL related topics and on participation in OWASP projects that use SQL, PL/SQL, SQL scripting languages and related technologies. Moreover, we aim to provide security related guidance for system administrators managing SQL based applications and tools.

Community content is key to security information. The project depends on content from developers throughout the SQL, PL/SQL and database programming ecosystem.


  • Provide deep, rich guidance for developers working in SQL, PL/SQL and similar languages, and for database developers in general, on using the security features of SQL, SQL frameworks and the various database systems.
  • Address security in relation to SQL, PL/SQL and derived scripting technologies, including database programming.
  • Guide system administrators in managing database components and applications, always from a security perspective.
  • Create guidance for the use of OWASP components that are designed to work with SQL and databases.
  • Focus on information about working with, and on, OWASP tools built using SQL or related SQL technologies.
  • Provide a stream of security-related information, such as vulnerabilities and security patches, covering the SQL and database security universe.
  • Build an ecosystem that allows all interested parties to discuss, share and learn.


The OWASP SQL Technology Knowledge Base is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and, if you alter, transform, or build upon it, distribute the resulting work only under the same or a similar license.


Lead: none.


Last Update: 1/2016

Other Resources

Related Projects


SQL (Structured Query Language) is a special-purpose programming language designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).

SQL was one of the first commercial languages for Edgar F. Codd's relational model, as described in his influential 1970 paper, "A Relational Model of Data for Large Shared Data Banks". Despite not entirely adhering to the relational model as described by Codd, it became the most widely used database language.

SQL became a standard of the American National Standards Institute (ANSI) in 1986, and of the International Organization for Standardization (ISO) in 1987. Since then, the standard has been revised to include a larger set of features. Despite the existence of such standards, though, most SQL code is not completely portable among different database systems without adjustments.


PL/SQL (Procedural Language/Structured Query Language) is Oracle Corporation's proprietary procedural extension to the SQL database language. Some other SQL database management systems offer similar extensions to SQL. PL/SQL's syntax strongly resembles that of Ada.

The key strength of PL/SQL is its tight integration with the Oracle database.

PL/SQL is one of three languages embedded in the Oracle Database, the other two being SQL and Java.


SQL PL stands for Structured Query Language Procedural Language and was developed by IBM as a set of commands that extend the use of SQL in the IBM DB2 (DB2 UDB Version 7) database system. It provides procedural programmability in addition to the querying commands of SQL. It is a subset of the SQL Persistent Stored Modules (SQL/PSM) language standard.


Transact-SQL (T-SQL) is Microsoft's and Sybase's proprietary extension to SQL, the standardized language originally developed by IBM for querying, altering and defining relational databases using declarative statements. T-SQL expands on the SQL standard to include procedural programming, local variables, various support functions for string processing, date processing, mathematics and so on, and changes to the DELETE and UPDATE statements. These additional features make Transact-SQL Turing complete.

Transact-SQL is central to using Microsoft SQL Server. All applications that communicate with an instance of SQL Server do so by sending Transact-SQL statements to the server, regardless of the user interface of the application.



IMPORTANT: all pages of this project are currently under review. Many are outdated and are in the process of being removed or updated.

