Testing the code for SQL injection flaws
Until now, we discussed the symptoms and remedies of SQL injection. We demonstrated the programming recommendations to mitigate the effects of code injections and smuggles. Assuring code quality and testing play a crucial role in taking preventive measures against hackers. Code testing resources must adopt a concrete strategy to discover and hit upon the code vulnerabilities before it invites an attacker to exploit the database. Now, we will discuss some of the testing considerations to test the code for SQL injection flaws.
Test strategy
A logical and effective test strategy must be employed to discover injection flaws. Of course, there is no magic practice to ooze out all flaws in the code.
The usual code reviews are part of static testing while testing the programs with sample data and inputs come under dynamic testing. These days, static testing has been absorbed into the development stage where developers, their peers and seniors review the code...
