Beginner’s Guides to SQL Injection and Cross-Site Scripting

I’m not in a position where I have to worry too much about security, but I often hear of vulnerabilities that we’re protecting ourselves from. I simply ask some intelligent system architect, he says, “Yeah, we’re covered,” and then the security audit comes back clean.

However, there are two security ‘hacks’ or vulnerabilities that you read about a lot on the net these days: SQL Injection and Cross-Site Scripting. I had been aware of both and have read quite a few ‘techy’ bulletins on them, but not being a true programmer, I’d usually wait for security updates or just make sure the right folks were aware, and then I’d move on.

These two vulnerabilities are things that everyone should be aware of, though, even the marketer. Simply putting a web form on your website can open your system up to some nasty things, because whatever a visitor types into that form ends up in your database queries and on your pages.

Brandon Wood has done a great job of writing Beginner’s Guides to both topics that even you or I can understand:

  • SQL Injection
  • Cross-Site Scripting
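As an added illustration of the two problems those guides cover (example code written for this page, not taken from the guides or from Brandon’s articles), here is the classic web-form mistake for each, next to its fix. The user table is constructed in memory and the field names are assumed.

```python
import sqlite3
import html


def make_db():
    # Constructed sample data standing in for a site's user table (not from the page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def lookup_unsafe(conn, name):
    # SQL injection: the form field is pasted straight into the SQL text,
    # so a quote character in the input changes the meaning of the query.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Fix: the value travels as a bound parameter and is never parsed as SQL,
    # so it can only ever match a user literally called that.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare_lookups(name):
    """Run the same form input through both versions and return (unsafe, safe) rows."""
    conn = make_db()
    return lookup_unsafe(conn, name), lookup_safe(conn, name)


def render_unsafe(comment):
    # Cross-site scripting: user text is echoed into the page as-is, so any
    # markup the visitor typed becomes live HTML for every other reader.
    return "<p>" + comment + "</p>"


def render_safe(comment):
    # Fix: escape for the HTML context so the browser displays the text
    # instead of interpreting it.
    return "<p>" + html.escape(comment) + "</p>"


if __name__ == "__main__":
    # The textbook demonstration input: the unsafe query returns every row,
    # the parameterised one returns nothing.
    print(compare_lookups("' OR '1'='1"))
    print(render_unsafe("<b>hi</b>"), render_safe("<b>hi</b>"))
```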


  1.

    Wow, thanks for the post Doug. I feel honored… 🙂

    The problem you describe of not really knowing how to spot these types of vulnerabilities is the biggest problem that I see. If I show a programmer that doesn’t know a thing about security a piece of code and ask them if it’s secure, of course they are going to say that it’s secure – they don’t know what they’re looking for!

    The real key here is educating our developers on what to look for, and how to fix it. That was the purpose behind my two articles.

  2.

    Might not be the right place but came to notify a serious thing.

    PS: I would like to notify you about a major risk in WordPress that I was able to find. It’s a major hack in WordPress having a risk of 7/10. I am not advertising, but do look at my post html-injection-and-being-hacked. Please do notify other bloggers about this. I had a talk with Matt (WordPress) on email about it.

  5.

    WordPress MySQL offline scanner?

    Is there a tool that is available that can scan an offline WordPress MySQL table exported from phpMyAdmin?

    We have a WordPress MySQL database that appears to have had a SQL injection.
