Home Forums SQL Server 2012 SQL Server 2012 - T-SQL Is there a way to identify dynamic sql that may be vulnerable to sql injection? RE: Is there a way to identify dynamic sql that may be vulnerable to sql injection?

  • January 3, 2018 at 12:33 pm

    #1974323

    All those options are nice, but you still need to check for the front end code. Back when I started coding, we used to concatenate sql strings on the front end and would appear as ad-hoc calls in the database.
    I know that there are some tools that help to identify vulnerabilities, but I don't use any of them and can't recommend them.

    Luis C.
    General Disclaimer:
    Are you seriously taking the advice and code from someone from the internet without testing it? Do you at least understand it? Or can it easily kill your server?

    How to post data/code on a forum to get the best help: Option 1 / Option 2