Archive for November 2016
Introduction to ASP.NET
ASP.NET is a technology under the .NET Framework that is used to create web sites.
ASP stands for Active Server Pages.
HTML, CSS and JavaScript are the basic building blocks for developing websites with ASP.NET.
C#.NET acts as the code-behind language alongside ASP.NET to implement the functional logic of websites.
SQL Injection
Hacking a database by entering input data that manipulates SQL queries is known as SQL injection.
Example:
Expected: select * from tbl_data where name='admin' and pwd='password'
Hacked: select * from tbl_data where name='admin' and pwd='' or 'a'='a'
With SQL injection, an attacker may overwrite or delete data in the database, or make the app behave in a different way.
SQL injection can be done using POST and GET parameters, cookie values, form fields and header values.
Parameterized SQL queries help control SQL injection.
In .NET (ADO.NET), building SQL queries with parameters (@name) to supply values to the query is recommended.
Client-side input validation will also mitigate SQL injection issues, but it does not replace parameterized queries on the server.
Stored procedures will reduce SQL injection.
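The following C# sketch is an added example, not code from the original post. It puts the concatenated query from the example above beside the ADO.NET parameterized form, using the page's table and column names. The class and method names, the NVarChar(50) parameter sizes and the sample input are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQueryDemo   // hypothetical name, for illustration only
{
    // Vulnerable form: user input is concatenated into the SQL text,
    // so quote characters in the input become part of the statement.
    public static string BuildConcatenated(string name, string pwd)
    {
        return "select * from tbl_data where name='" + name +
               "' and pwd='" + pwd + "'";
    }

    // Hardened form: the SQL text is a constant. Values are sent separately
    // as typed parameters and are never parsed as SQL.
    // The NVarChar(50) sizes are assumed; match them to the real columns.
    public static SqlCommand BuildParameterized(string name, string pwd)
    {
        var cmd = new SqlCommand(
            "select * from tbl_data where name=@name and pwd=@pwd");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;
        cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 50).Value = pwd;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: the password value from the example above.
        string name = "admin";
        string pwd = "' or 'a'='a";

        Console.WriteLine("Concatenated SQL text (changed by the input):");
        Console.WriteLine("  " + BuildConcatenated(name, pwd));

        using (SqlCommand cmd = BuildParameterized(name, pwd))
        {
            Console.WriteLine("Parameterized SQL text (not changed by the input):");
            Console.WriteLine("  " + cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("  " + p.ParameterName + " = [" + p.Value + "]");
            // To execute, set cmd.Connection to an open SqlConnection
            // and call cmd.ExecuteReader().
        }
    }
}
```

The program needs no database connection: it only prints the SQL text each approach would send, which shows that the quote characters reach the parameterized query as data in @pwd and not as SQL.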