Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
Project: Defending SQL Injection
Description
Download Grades Central for VS2012 or Grades Central for VS2010, an ASP.NET website. Develop defensive measures to protect the database from SQL injection.
Requirements
Set #1
Use regex to identify the metacharacters that could cause SQL injection and reject the input.
Do not send error messages to the browser.
Avoid dynamic SQL with concatenated input.
Set #2
Use different login IDs for SELECT, UPDATE or DELETE statements.
Use stored procedures.
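The three Set #1 measures combined in one data-access helper, as an added example that is not part of the original assignment or of the Grades Central code. The class name, the `Grades` table, its columns, the 50-character limit and the exact metacharacter set are assumptions made for illustration.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Text.RegularExpressions;

// Hypothetical helper; names and schema are not taken from Grades Central.
public static class GradeLookup
{
    // Metacharacters rejected here (an assumed set): single quote, double
    // quote, semicolon, backslash, and the comment markers --, /* and */.
    private static readonly Regex SqlMeta =
        new Regex(@"['"";\\]|--|/\*|\*/", RegexOptions.Compiled);

    // Requirement 1: reject input that contains SQL metacharacters.
    public static bool IsSafeInput(string input)
    {
        return !string.IsNullOrEmpty(input)
            && input.Length <= 50
            && !SqlMeta.IsMatch(input);
    }

    // Returns null when the input is rejected or the query fails, so the
    // page can show one generic message in both cases.
    public static DataTable GetGrades(string connString, string studentId)
    {
        if (!IsSafeInput(studentId)) return null;
        try
        {
            // Requirement 3: the SQL text is a constant; the input travels
            // only as a typed parameter, never concatenated into the query.
            using (var conn = new SqlConnection(connString))
            using (var cmd = new SqlCommand(
                "SELECT Course, Grade FROM Grades WHERE StudentId = @id", conn))
            using (var adapter = new SqlDataAdapter(cmd))
            {
                cmd.Parameters.Add("@id", SqlDbType.NVarChar, 50).Value = studentId;
                var table = new DataTable();
                adapter.Fill(table); // Fill opens and closes the connection
                return table;
            }
        }
        catch (SqlException ex)
        {
            // Requirement 2: details go to the server-side trace log only,
            // never into the response sent to the browser.
            Trace.TraceError(ex.ToString());
            return null;
        }
    }
}
```

The regex check is a secondary filter that also rejects legitimate values such as names containing an apostrophe; the parameterized command is what keeps the input out of the SQL text.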
Project Submission
Send the project to cis491projects@yahoo.com
Subject: Project 2 - first name and last name - VS2010 or VS2012
Grading
Set #1: 100%
Set #2: extra 30%