Jay Taylor's notes

How to audit for SQL injection in production environments

Original source unknown
Clipped on: 2011-11-17
- Scrub string and number values from a log of queries
- Build a map of pairs of unique queries / hash of query
- Make sure these queries look good
- Now you have a whitelist of audited queries. Whenever you see a new type of query, review it to make sure it looks okay.
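
The steps above, sketched as an added example that is not part of the original note: literals are scrubbed, each remaining query shape is hashed into a whitelist, and later traffic is checked against it. The function names, the `?` placeholder, the IN-list collapsing step and the sample queries are assumptions constructed for illustration.

```python
import hashlib
import re

# Strings are scrubbed first, so digits inside quoted values vanish with the string.
_STRING = re.compile(r"'(?:[^'\\]|\\.|'')*'")
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_IN_LIST = re.compile(r"\(\s*\?(?:\s*,\s*\?)+\s*\)")  # extra step: (?, ?, ?) -> (?)
_SPACE = re.compile(r"\s+")

def scrub(query):
    """Replace string and number literals with '?', normalize case and whitespace."""
    q = _STRING.sub("?", query)
    q = _NUMBER.sub("?", q)
    q = _IN_LIST.sub("(?)", q)
    return _SPACE.sub(" ", q).strip().lower()

def fingerprint(query):
    """Hash of the scrubbed query; queries of the same shape share one hash."""
    return hashlib.sha256(scrub(query).encode("utf-8")).hexdigest()

def build_whitelist(log_lines):
    """Map hash -> scrubbed query, one entry per unique shape, for manual review."""
    return {fingerprint(q): scrub(q) for q in log_lines}

def audit(log_lines, whitelist):
    """Return (hash, scrubbed, original) for each query whose shape was never reviewed."""
    return [(fingerprint(q), scrub(q), q) for q in log_lines
            if fingerprint(q) not in whitelist]

# Constructed sample data (not from the original note).
BASELINE = [
    "SELECT id, email FROM users WHERE id = 42",
    "SELECT id, email FROM users WHERE id = 7",
    "SELECT * FROM orders WHERE customer = 'alice' AND total > 19.99",
    "select * from orders where customer = 'bob'   and total > 5",
]
NEW_TRAFFIC = [
    "SELECT id, email FROM users WHERE id = 1001",
    "SELECT id, email FROM users WHERE id = 1 OR 1=1",
    "SELECT * FROM orders WHERE customer = 'x' OR 'a'='a' AND total > 1",
]

if __name__ == "__main__":
    whitelist = build_whitelist(BASELINE)
    for digest, shape in whitelist.items():
        print("review:", digest[:12], shape)
    for digest, shape, original in audit(NEW_TRAFFIC, whitelist):
        print("NEW SHAPE:", digest[:12], shape, "<-", original)
```

Lowercasing merges identifiers that differ only in case, which suits case-insensitive schemas; drop it if table or column names are case-sensitive in your database.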

Thanks go to Artem Veremey for this.