The test phase is the final stage involving safety checks prior to the release of the product. Check if the security functions in the requirements analysis and design stages meet the expecte... Read more
Using an object-relational mapping (ORM) framework helps defend against SQL injection. The best way to fight against SQL injection is to use precompiled bind variables. There... Read more
The XSS problem can be solved in the view layer. XSS attacks are executed in the user’s browser, and they take effect by injecting malicious HTML code in the server-side page renderin... Read more
In modern web development, using the MVC framework is a popular approach. MVC stands for model–view–controller. It divides web applications into three interconnected layers. The view layer c... Read more
In August 2008, Stefan Esser put forward the SQL column truncation attack. In some cases, this leads to some security problems. There is an sql_mode option in the MySQL configuration. When t... Read more
In some cases, different character encodings may cause security issues. In the history of injection, there have been character-based injection attacks. Injection attacks often use sp... Read more
In this article, we will take a look at command execution, a type of injection attack. In MySQL, apart from exporting a webshell to execute commands indirectly, “user-defined function” (UDF)... Read more
In this article, we will look at common database attack techniques. Through SQL injection, the attacker can guess the corresponding version of the database. For example, in the following pay... Read more
In this article, we will look at an advanced blind technique, timing attack. On March 27, 2011, a hacker named TinKode published details obtained when he had invaded mysql.com in the well-kn... Read more
In most cases, web servers turn off error echoing, so there is no way to successfully implement the SQL injection attack. The attacker finally comes up with a so-called “blind” (blind inje... Read more