From the course: Secure Coding in Java
Prevent SQL injection - Java Tutorial
Prevent SQL injection
- We're going to spend a considerable amount of time talking about SQL injection and how to prevent it. This attack vector continues to be a major issue across the industry, but it's rather easily mitigated, especially in Java. The situation that causes SQL injection is very straightforward. You start with a SQL statement that accepts at least one variable. This can be as simple as a WHERE clause variable or a VALUES clause variable, for instance. The SQL statement, when created in code, must leverage string concatenation or formatting to insert the input into the SQL statement. Malicious input can then be entered into the system, which repurposes the SQL statement itself. The simplest example on a string variable is to add an OR clause to your input, followed by a condition that will always evaluate to true. This will return all data from the table in an injectable code path, based on the other WHERE clauses that are…