Hi Steve,
Nice paper. However, one small nitpick - under "Mitigations" you list using
stored procedures if the database supports them. I've seen other people
suggest this as a defensive strategy as well.
Using stored procedures will *not* protect you from SQL injection attacks.
Firstly, they can b...