I have created a page on the right-hand bar of this blog for all of the SQL injection articles in this series. Having them all show up in one spot should give you a complete picture of this topic.
When I originally presented this to my organization’s development and IT management teams, I included a list of resources, which I reproduce here for the sake of completeness:
- Kim Tripp on SQL Injection
- Kim Tripp on EXEC vs SP_EXECUTESQL
- SpiderLabs’s outstanding survey of SQL injection techniques, which spawned my interest in putting together this series
- How to secure .NET websites from SQL injection
- A SQL injection pocket reference for MySQL and SQL Server
- An ASCII table, for querystring-based attacks
I have also scattered a few links in the articles themselves, so check those out as well.
Since putting together this series, I have had the opportunity to read chapter 6 of Denny Cherry’s Securing SQL Server, which is all about SQL injection. I do recommend getting a copy of the book. I did not use his book as a reference (because I just read the chapter today, after completing the series), but he covers a number of the same topics that I do and also touches on some items that I did not, such as how to clean up after a SQL injection attack.