SQL Injection: Calling Stored Procedures Dynamically
Posted by James Jardine on October 26, 2016 · Comments Off on SQL Injection: Calling Stored Procedures Dynamically
Filed under: Development, Security, Testing
Filed under: Development, Security, Testing
It is not news that SQL Injection is possible within a stored procedure. There have been plenty of articles discussing this issues. However, there is a unique way that some developers execute their stored procedures that make them vulnerable to SQL Injection, even when the stored procedure itself is actually safe. Look ...