Length: 30 minutes
This introductory course will provide a basic understanding of SQL injection as a pattern of attack and a special case of an overall pattern of injection attacks. The course will explain how that pattern applies to Shell injection, LDAP, XML, JSON and other languages and domains. It will also provide strategies for preventing and fixing injections when testing them in an application.
The primary intended audiences for this course are architects, developers and testers who are either unfamiliar or only somewhat familiar with SQL injections and other injection attacks. Development managers and others in positions to set defect resolution priorities and make implementation solution decisions will also benefit from this material.
Acknowledgements: SAFECode would like to thank Adobe for donating the material that formed the basis for this course.