Welcome
to the Tutorial
on Defending Against SQL Injection Attacks!
Without proper safeguards, applications are vulnerable to various forms of security attack. One particularly pervasive method of attack is called SQL injection. Using this method, a hacker can pass string input to an application in hopes of gaining unauthorized access to a database.
By taking this self-study tutorial, you can arm yourself with techniques and tools to strengthen your code and applications against these attacks. This tutorial employs text and diagrams to present concepts, design issues, coding standards, processes, and tools. Flash-based demos and simulations allow you to visualize what you have learned, and assessment quizzes help you gauge your learning progress.
Learning Objectives
After taking this tutorial, you should be able to:
 |
Categorize and explain various types of SQL injection attacks |
|
Describe coding and design strategies for avoiding SQL injection attacks |
|
Use DBMS_ASSERT to validate input values |
|
Use code review tools to help identify possible SQL injection vulnerabilities |
|
Apply coding standards to eliminate SQL injection vulnerabilities
|
Last updated: November 23, 2007
Copyright 2007, Oracle ®. All rights reserved.
