RE: Is there a way to identify dynamic sql that may be vulnerable to sql injection?

  • juniorDBA13 - Wednesday, January 3, 2018 6:04 AM

    Yes, but we support a number of databases and don't have time to check every query, so would like some way to check the databases for vulnerabilities

    I should point out that the hacking attack that took Sony down a few years ago started with SQL injection and ended with a complete compromise of their entire network.
    The Equifax data breach - SQL injection
    etc, etc, etc, http://codecurmudgeon.com/wp/sql-injection-hall-of-shame/

    Maybe ask the company's risk officers whether it's worth the time not to join that list.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass