Welcome to the Tutorial
on Defending Against SQL Injection Attacks!

Without proper safeguards, applications are vulnerable to various forms of security attack. One particularly pervasive method of attack is called SQL injection. Using this method, a hacker can pass string input to an application with the hope of gaining unauthorized access to a database.

By taking this self-study tutorial, you can arm yourself with techniques and tools to strengthen your code and applications against these attacks. This tutorial employs text and diagrams to present concepts, design issues, coding standards, processes, and tools. Flash-based demos and simulations allow you to visualize what you have learned, and assessment quizzes help you gauge your learning progress.

After taking this tutorial, you should be able to:

Categorize and explain various types of SQL injection attacks
Describe coding and design strategies for avoiding SQL injection attacks
Use DBMS_ASSERT to validate input values
Use code review tools to identify possible SQL injection vulnerabilities

Apply coding standards to eliminate SQL injection vulnerabilities


Start Tutorial

Download Tutorial


More ST Curriculum Tutorials

Last updated:

Copyright 2009, Oracle ®. All rights reserved.