From the course: Secure Coding in Java


Prevent SQL injection


- [Instructor] We're going to spend a considerable amount of time talking about SQL injection and how to prevent it. This attack vector continues to be a major issue, and it's rather easily mitigated. The situation that causes SQL injection is actually very straightforward. You start with a SQL statement with an open-ended predicate that you are expecting to add to with the user input. The SQL statement in code must leverage string concatenation or formatting to insert the input into the SQL statement itself. When you are in this situation, malicious input can then be entered, which repurposes the SQL statement to do more than expected. The simplest example on a string variable is to add an OR clause that always returns true. This will return all data from the table in an injectable code path. We're going to walk through an example very quickly. What I've created is a very simple method here, called demoMethod, that takes a string input and throws a SQL exception. Now, the first line…
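The two code paths the instructor contrasts, as an added example that is not the course's own demoMethod: the concatenated query whose predicate is left open-ended, beside the same lookup done with a bound parameter. The table name `users`, its columns, and the caller-supplied `Connection` are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class SqlInjectionDemo {

    // Vulnerable pattern: the input is concatenated into the statement text,
    // so the input can change the structure of the query, not just its value.
    static String buildVulnerableQuery(String username) {
        return "SELECT id, username FROM users WHERE username = '" + username + "'";
    }

    // Mitigated pattern: the statement text is fixed before any input is seen and
    // the value is bound with setString, so the driver always treats it as a literal.
    // (Assumes a "users" table with "id" and "username" columns and a live Connection.)
    static List<String> findUsersSafely(Connection conn, String username) throws SQLException {
        String sql = "SELECT id, username FROM users WHERE username = ?";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("username"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal value and the "always true" OR clause from the lecture.
        String normal = "alice";
        String hostile = "x' OR '1'='1";

        System.out.println(buildVulnerableQuery(normal));
        System.out.println(buildVulnerableQuery(hostile));
        // The second statement now reads ... WHERE username = 'x' OR '1'='1' and would
        // match every row; findUsersSafely with the same input matches only a user whose
        // name is literally x' OR '1'='1, which is the behaviour a defender wants.
    }
}
```

The difference to look for in code review is not the input validation but where the query text is assembled: if user data ever touches the string before `prepareStatement` is called, the parameter binding no longer protects that path.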
