Additional Defenses as a Mitigation Against Future Mistakes
Explore techniques to mitigate future security mistakes including the proper use of prepared statements for SQL injection prevention and implementing access controls to protect sensitive database tables. Understand the importance of ongoing vigilance and cautious coding practices to strengthen your system's defenses against vulnerabilities.
Prepared statements do not cover it all
Proper use of prepared statements is our primary defense against SQL injection. Prepared statements are great, but we have to remember to use them every time we write code that touches SQL; we’re never “done” with applying this defense. And if we’re building complex, dynamic SQL statements with user input in parts of the SQL that aren’t parameterizable, we need ...
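One common way to handle a part of a statement that cannot be parameterized, here an ORDER BY column and direction, is to map user input onto a fixed allowlist while still binding every value. This is an added example, not code from the original lesson; the `products` schema, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample schema and rows, for illustration only.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products (name TEXT, category TEXT, price REAL)"
    )
    db.executemany(
        "INSERT INTO products (name, category, price) VALUES (?, ?, ?)",
        [("widget", "tools", 9.5), ("gadget", "tools", 3.0),
         ("gizmo", "toys", 12.25)],
    )
    return db

# Identifiers and keywords cannot be bound as parameters, so user-facing
# sort options are looked up in fixed tables. Only the values from these
# tables, never the user's text, are placed into the SQL string.
SORT_COLUMNS = {"name": "name", "price": "price"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def search_products(db, category, sort_by="name", direction="asc"):
    try:
        column = SORT_COLUMNS[sort_by]
        order = SORT_DIRECTIONS[direction.lower()]
    except KeyError:
        # Reject anything outside the allowlist instead of trying to clean it.
        raise ValueError("unsupported sort option") from None
    sql = (
        "SELECT name, price FROM products "
        f"WHERE category = ? ORDER BY {column} {order}"
    )
    # The category value is bound by the driver and is always treated as data.
    return db.execute(sql, (category,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(search_products(db, "tools", "price", "asc"))
    print(search_products(db, "tools' OR '1'='1"))
    try:
        search_products(db, "tools", "price; DROP TABLE products")
    except ValueError as exc:
        print("rejected:", exc)
```
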