Jay Taylor's notes
How to audit for SQL injection in production environments
Original source unknown
Clipped on: 2011-11-17
- Build a map of pairs: each unique query and the hash of that query.
- Review each of these queries and make sure it looks good.
- Now you have a whitelist of audited queries. Whenever you see a new type of query, review it to make sure it looks okay.
Thanks go to Artem Veremey for this.
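The three steps above as an added example, not part of the original note. It assumes a "type of query" means the query text with literals and comments stripped, so that different parameter values hash to the same entry; the function names and the sample queries are constructed for illustration.

```python
import hashlib
import re

# One pass over the SQL text, so "--" inside a string is not taken for a comment.
_TOKEN = re.compile(r"""
    (?P<str>'(?:[^'\\]|\\.|'')*')     # quoted string, allowing '' and \' escapes
  | (?P<cmt>/\*.*?\*/|--[^\n]*)       # block or line comment
  | (?P<num>\b\d+(?:\.\d+)?\b)        # numeric literal
""", re.S | re.X)

def fingerprint(sql):
    """Reduce a query to its shape: literals become ?, comments are dropped."""
    shape = _TOKEN.sub(lambda m: " " if m.lastgroup == "cmt" else "?", sql)
    shape = re.sub(r"\(\s*\?(?:\s*,\s*\?)*\s*\)", "(?)", shape)  # (?, ?) -> (?)
    return re.sub(r"\s+", " ", shape).strip().rstrip(";").strip().lower()

def query_hash(sql):
    return hashlib.sha256(fingerprint(sql).encode()).hexdigest()

def build_map(queries):
    """Step 1: map hash -> unique query shape, ready for a human to audit."""
    return {query_hash(q): fingerprint(q) for q in queries}

def unreviewed(queries, allowlist):
    """Step 3: return the queries whose shape is not in the audited set."""
    return [q for q in queries if query_hash(q) not in allowlist]

# Constructed sample data: queries seen while building the map.
BASELINE = [
    "SELECT name FROM users WHERE id = 42",
    "SELECT name FROM users WHERE id = 7",
    "SELECT * FROM orders WHERE status IN ('new', 'paid') -- nightly job",
]
# Step 2 is the manual review; here every baseline shape is taken as approved.
ALLOWLIST = set(build_map(BASELINE))

# Constructed production traffic: the last query carries an extra predicate,
# so its shape differs from anything that was audited.
PRODUCTION = [
    "select name from users where id = 1001",
    "SELECT * FROM orders WHERE status IN ('shipped')",
    "SELECT name FROM users WHERE id = 7 OR 1 = 1",
]

if __name__ == "__main__":
    for q in unreviewed(PRODUCTION, ALLOWLIST):
        print("needs review:", query_hash(q)[:12], q)
```

Hashing the raw query text instead of its shape would make every new parameter value look like a new query, which is why the literals are replaced before hashing.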