Chapter 5: Preventing SQL Injection with Defensive Solutions
Up until now, we have focused on the offensive aspect of SQL injection. In the previous chapters, we saw how a malicious user can carry out the main attack techniques, and what consequences a successful SQL injection attack can have. In general terms, we saw how, in principle, a SQL injection can quite easily result in a fully compromised database, which could leak sensitive information, give attackers full access to connected applications, or completely break the functionality of databases, applications, web services, or even connected devices, regardless of the technology used.
In this chapter, we will focus more on the defensive side of things; now that we know that such an impressive and destructive vulnerability exists—and how simple, in principle, it would be to exploit it—how can we stop it? This is the question we are trying to answer here. Obviously, the solution to this problem is not simple, and it usually...