Advanced Oracle PL/SQL Developer's Guide (Second Edition)

You're reading from Advanced Oracle PL/SQL Developer's Guide (Second Edition): Master the advanced concepts of PL/SQL for professional-level certification and learn the new capabilities of Oracle Database 12c

Product type: Paperback
Published in: Feb 2016
ISBN-13: 9781785284809
Length: 428 pages
Edition: 2nd Edition
Author: Saurabh K. Gupta

Table of Contents (14 chapters)

Preface
1. Overview of PL/SQL Programming Concepts
2. Oracle 12c SQL and PL/SQL New Features
3. Designing PL/SQL Code
4. Using Collections
5. Using Advanced Interface Methods
6. Virtual Private Database
7. Oracle SecureFiles
8. Tuning the PL/SQL Code
9. Result Cache
10. Analyzing, Profiling, and Tracing PL/SQL Code
11. Safeguarding PL/SQL Code against SQL injection
12. Working with Oracle SQL Developer
Index

Testing the code for SQL injection flaws

So far, we have discussed the symptoms and remedies of SQL injection, and demonstrated programming recommendations that mitigate the effects of code injection and smuggling. Assuring code quality during the testing cycle plays a crucial role in preventing code attacks. The testing team must adopt a concrete strategy to discover the code's vulnerabilities before an attacker can exploit them against the database. We will now discuss some considerations for testing code for SQL injection flaws.

Test strategy

A logical and efficient test strategy must be employed to discover injection flaws. Of course, there is no magic bullet to filter out all the vulnerabilities of a piece of code.

Routine code reviews are a part of static testing, while testing programs with sample data and inputs comes under dynamic testing. These days, static testing has been absorbed into the development stage, where developers and their...
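As an aid to the static testing described above, here is a Python script, added as an illustration and not taken from the book, that lists every `EXECUTE IMMEDIATE` whose statement text includes anything other than a string literal or a `DBMS_ASSERT` call. The PL/SQL sample, the procedure `p_demo` and the function `review_dynamic_sql` are constructed for this example.

```python
import re

# Constructed PL/SQL sample (not from the book): concatenated input, a bind
# variable, a DBMS_ASSERT-wrapped name, and statement text held in a variable.
SAMPLE = """\
CREATE OR REPLACE PROCEDURE p_demo (p_name VARCHAR2, p_tab VARCHAR2) IS
  l_cnt  NUMBER;
  l_stmt VARCHAR2(200) := 'SELECT COUNT(*) FROM ' || p_tab;
BEGIN
  -- name concatenated into the statement text
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM emp WHERE ename = ''' || p_name || ''''
    INTO l_cnt;
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM emp WHERE ename = :1'
    INTO l_cnt USING p_name;
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM '
    || DBMS_ASSERT.SIMPLE_SQL_NAME(p_tab) INTO l_cnt;
  EXECUTE IMMEDIATE l_stmt INTO l_cnt;
END;
"""

# String literals ('' is an escaped quote), line comments, block comments.
# Oracle q'[...]' quoting is not handled by this sketch.
_MASK = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)
# A DBMS_ASSERT call with a simple (non-nested) argument list.
_ASSERT = re.compile(r"\b(?:SYS\s*\.\s*)?DBMS_ASSERT\s*\.\s*\w+\s*\([^()]*\)", re.I)
# The expression that follows EXECUTE IMMEDIATE, up to its first clause or ';'.
_EXEC = re.compile(
    r"\bEXECUTE\s+IMMEDIATE\b(.*?)(?=\b(?:INTO|USING|RETURNING|BULK)\b|;)",
    re.I | re.S)


def _mask(match):
    """Replace a literal with '?' and a comment with nothing, keeping newlines."""
    text = match.group(0)
    return ("'?'" if text.startswith("'") else "") + "\n" * text.count("\n")


def review_dynamic_sql(source):
    """Return (line, operands) for each EXECUTE IMMEDIATE needing manual review."""
    masked = _ASSERT.sub("'?'", _MASK.sub(_mask, source))
    findings = []
    for m in _EXEC.finditer(masked):
        operands = [op.strip() for op in m.group(1).split("||")]
        risky = [op for op in operands if op and op != "'?'"]
        if risky:
            findings.append((masked.count("\n", 0, m.start()) + 1, risky))
    return findings


if __name__ == "__main__":
    for line, operands in review_dynamic_sql(SAMPLE):
        print(f"line {line}: review operands {operands}")
```

Each finding is a prompt for code review, not proof of a flaw: the flagged operand may be validated elsewhere, and a variable such as `l_stmt` has to be traced back to where its text was built.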
