Summary
That was quite a lot of information. When dealing with defense mechanisms, there are many factors to consider, and the more defense mechanisms you apply to your context, the less chance an attacker has to cause damage to your environment. For this reason, using all of the security measures we described in this chapter—or almost all, depending on the context and the applicability of these controls—is very important.
This chapter first covered the general aspects of countermeasures against SQL injection—specifically, dealing with user input and controlling data flows. Then, we analyzed specific defenses for dealing with application coding, general patterns to follow in application development, and securing the infrastructure surrounding the application.
As for code-level defenses, we saw how to validate input, using both blacklisting and whitelisting, to only accept safe input. Then, we applied sanitizing measures, both for query statement...
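As an added illustration of the whitelisting, blacklisting and query-sanitizing points above (example code written for this summary, not taken from the book), assuming a hypothetical users table and a username field that may only contain lowercase letters, digits and underscores:

```python
import re
import sqlite3

# Whitelist: accept only the exact shape the field is allowed to have.
# Assumed rule for this example: 3-16 lowercase letters, digits or underscores.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,16}$")

# Blacklist: reject a handful of characters known to matter in SQL.
# Included only to show why it is the weaker of the two approaches.
BLACKLIST = ("'", '"', ";", "--", "/*")


def whitelist_ok(value: str) -> bool:
    """True only if the value matches the allowed pattern exactly."""
    return USERNAME_RE.fullmatch(value) is not None


def blacklist_ok(value: str) -> bool:
    """True if none of the listed substrings appear; misses anything not listed."""
    return not any(bad in value for bad in BLACKLIST)


def build_db() -> sqlite3.Connection:
    """Constructed in-memory sample data (hypothetical users, not real records)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_email(conn: sqlite3.Connection, username: str):
    """Validate with the whitelist, then bind the value as a query parameter.

    The parameter placeholder means the driver never treats the input as part
    of the SQL statement, so validation and safe query construction back each
    other up rather than relying on either one alone.
    """
    if not whitelist_ok(username):
        return None
    row = conn.execute(
        "SELECT email FROM users WHERE name = ?", (username,)
    ).fetchone()
    return row[0] if row else None
```

The input "Bob OR 1=1" passes the blacklist yet is clearly not a valid username, which is the practical argument for whitelisting.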