
Pete Finnigan's Oracle security weblog



An interesting SQL Injection paper

October 19th, 2004 by Pete


I am currently finishing off making changes from technical review comments for the new 6-day hands-on SANS Securing Oracle track that I have written, and also completing some of the labs. Yesterday I was working on writing a lab that demonstrates SQL Injection techniques in Oracle, so I have been looking into what new papers there are out there on SQL Injection. There are not many specifically aimed at Oracle apart from the three-part paper for SecurityFocus last year. Links to the three parts can be found here. There are, however, quite a few papers on SQL Injection but not aimed at Oracle.

I have been looking at other papers on the subject, as even though they are for different databases it’s still possible to learn from them. I found a paper on more advanced SQL Injection written by Stephano Di Paola that seems quite interesting. It's written for MySQL and covers SQL Injection for Cross Site Scripting, Phishing and SQL Injection for HTTP response splitting. Even though the paper is not for Oracle, I found it interesting material on the subject. The bibliography gives a good list of other SQL Injection, cross site scripting and phishing papers worth reading.



This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
