Cycubix LTD
Search…
Welcome to Cycubix Docs
Our Cybersecurity Training Courses
Web Application Security Essentials
Introduction
WebGoat | Web Application Security Essentials | Cycubix Docs
OWASP ZAP | Web Application Security Essentials | Cycubix Docs
Solutions
HTTP Basics & Proxies | Web Application Security | Cycubix Docs
A1 - Injection | SQL Injection Intro | Cycubix Docs
A1 - Injection | SQL Injection Advanced | Cycubix Docs
A1 - Injection | SQL Injection Mitigation | Cycubix Docs
SQL Injection Mitigation (5)
SQL Injection Mitigation (6)
SQL Injection Mitigation (10)
A2 - Broken Authentication
A3 - Sensitive Data Exposure
A4 - XML External Entities (XXE)
A5 - Broken Access Control
A7 - Cross-Site Scripting (XSS) | Cycubix Docs
A8 - Insecure Deserialization | Cycubix Docs
CCSP
Domain 1: Cloud Concepts, Architecture, and Design
Domain 2: Cloud Data Security
Domain 3: Cloud Platform and Infrastructure Security
Domain 4: Cloud Application Security
Domain 5: Cloud Security Operations
Domain 6: Legal, Risk, and Compliance
CCSP Resource Materials
CCSP Mind Map | Cycubix Docs
CCSP Official Study Guide
CCSP Official Practice Tests
CCSP Online Test Bank
Secure Coding in .NET Core
Pre-requisites
SQL Injection Exercise
SQL Injection Solution
SQL Injection Cheat Sheets
CISSP
Domain 1: Security and Risk Management
Domain 2: Asset Security
Domain 3: Security Architecture and Engineering
Domain 4: Communication and Network Security
Domain 5: Identity and Access Management (IAM)
Domain 6: Security Assessment and Testing
Domain 7: Security Operations
Domain 8: Software Development Security
CISSP Official Flashcards
CISSP Exam Outline
CISSP Mind Map | Cycubix Docs
CISSP Official Study Guide
CISSP Official Practice Tests
CISSP Online Test Bank
CISSP Glossary
CSSLP
ISC2 CSSLP Official Flashcards
CSSLP Mind Map | Cycubix Docs
CSSLP Exam Outline | Cycubix Docs
Powered By GitBook
A1 - Injection | SQL Injection Mitigation | Cycubix Docs
This lesson describes various mitigations mechanisms against SQL Injection.

Immutable Queries

These are the best defense against SQL injection. They either do not have data that could get interpreted or they treat the data as a single entity that is bound to a column without interpretation.

Static Queries

SELECT * FROM products;
SELECT * FROM users WHERE user = "'" + session.getAttribute("UserID") + "'";

Parameterized Queries

String query = "SELECT * FROM users WHERE last_name = ?";
PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1, accountName);
ResultSet results = statement.executeQuery();

Stored Procedures

Only if stored procedure does not generate dynamic SQL
Previous
SQL Injection Advanced (6)
Next
SQL Injection Mitigation (5)
Last modified 1yr ago
Copy link
Outline
Immutable Queries
Static Queries
Parameterized Queries
Stored Procedures