Category:SQL

= Main =

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;"
|-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

About
The OWASP SQL and Database Scripting Technology Knowledge Base is the clearing house for all information related to building secure database-related applications, as well as services based on SQL and SQL scripting technologies. The focus of the project is on guidance for developers and architects using SQL frameworks, on SQL-based technologies for web and distributed application development, on OWASP components that deal with SQL-related topics and on participation in OWASP projects that use SQL, PL/SQL, SQL scripting languages and related technologies. Moreover, we aim to provide security-related guidance for system administrators managing SQL-based applications and tools.

Community content is key to security information. The project depends on content from developers throughout the SQL, PL/SQL and database programming ecosystem.

Purpose

 * Provide deep, rich guidance for SQL, PL/SQL and similar languages, as well as database developers in general, in using the security features of SQL, SQL frameworks and various databases.
 * Address security in relation to the SQL, PL/SQL and derived scripting technologies, including database programming.
 * Guide system administrators in managing database components and applications - always in relation to security.
 * Create guidance for use of OWASP components that are designed for use with SQL and databases.
 * Focus on information about working with and on OWASP tools built using SQL or related SQL technologies.
 * Provide a stream of security-related information, like vulnerabilities and security patches, related to the SQL and database security universe.
 * Build an ecosystem that allows all interested actors to discuss, share and learn.

Licensing
OWASP SQL Technology Knowledge Base is free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon it, you distribute the resulting work only under the same or a similar license.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Team
Lead: none.

Meta
Last Update: 1/2016

Related Projects

 * OWASP Project Repository
 * Languages Repository
 * .NET Project
 * Ruby
 * PHP
 * Perl
 * Python
 * JavaScript
 * C/C++
 * SQL, PL/SQL, DB Scripting
 * OWASP IoT Security
 * OWASP Mobile Security


|}

= Related Resources =

{| style="padding:0; margin:0; margin-top:10px; text-align:left; width:100%;"
|-
| valign="top" style="border-right: 1px dotted gray; padding-right:25px; width:30%; float:left;" |

Mailing List
(none)


| valign="top" style="padding-left:25px; width:30%; min-width:30%; border-right:1px dotted gray; padding-right:25px; float:left;" |

Twitter Feed
None.


| valign="top" style="padding-left:25px; width:30%; float:left;" |

Code Repository
None.


|}

Related Project Resources
OWASP Project Repository

Languages Repository

.NET Project

Ruby Technology Knowledge Base

PHP Technology Knowledge Base

Perl Technology Knowledge Base

Python Technology Knowledge Base

JavaScript Technology Knowledge Base

C/C++ Technology Knowledge Base

SQL, PL/SQL and DB Scripting Technology Knowledge Base

OWASP IoT Security Project

OWASP Mobile Security Project

= Project Pages =

PL/SQL
Pages under review


 * PL/SQL:SQL Injection
 * PL/SQL:Cursor Injection
 * PL/SQL:Dangling Cursor Snarfing
 * PL/SQL:Buffer overflow
 * PL/SQL:Privilege escalation

Documents
OWASP Secure Coding Practices - Quick Reference Guide

OWASP Codes of Conduct

OWASP Cheat Sheets Series

OWASP Testing Project

OWASP Web Top 10

OWASP Vulnerable Web Applications Directory

= Technologies =

SQL
SQL (Structured Query Language) is a special-purpose programming language designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).

SQL was one of the first commercial languages for Edgar F. Codd's relational model, as described in his influential 1970 paper, "A Relational Model of Data for Large Shared Data Banks". Despite not entirely adhering to the relational model as described by Codd, it became the most widely used database language.

SQL became a standard of the American National Standards Institute (ANSI) in 1986, and of the International Organization for Standardization (ISO) in 1987. Since then, the standard has been revised to include a larger set of features. Despite the existence of such standards, though, most SQL code is not completely portable among different database systems without adjustments.

https://en.wikipedia.org/wiki/SQL

PL/SQL
PL/SQL (Procedural Language/Structured Query Language) is Oracle(tm) Corporation's proprietary procedural extension to the SQL database language. Some other SQL database management systems offer similar extensions to the SQL language. PL/SQL's syntax strongly resembles that of Ada.

The key strength of PL/SQL is its tight integration with the Oracle database.

PL/SQL is one of three languages embedded in the Oracle Database, the other two being SQL and Java.

http://en.wikipedia.org/wiki/PL/SQL

SQL PL
SQL PL stands for Structured Query Language Procedural Language and was developed by IBM as a set of commands that extend the use of SQL in the IBM DB2 (DB2 UDB Version 7) database system. It provides procedural programmability in addition to the querying commands of SQL. It is a subset of the SQL Persistent Stored Modules (SQL/PSM) language standard.

https://en.wikipedia.org/wiki/SQL_PL

Transact-SQL
Transact-SQL (T-SQL) is Microsoft's and Sybase's proprietary extension to SQL. SQL, the acronym for Structured Query Language, is a standardized computer language that was originally developed by IBM for querying, altering and defining relational databases, using declarative statements. T-SQL expands on the SQL standard to include procedural programming, local variables, various support functions for string processing, date processing, mathematics, etc. and changes to the DELETE and UPDATE statements. These additional features make Transact-SQL Turing complete.

Transact-SQL is central to using Microsoft SQL Server. All applications that communicate with an instance of SQL Server do so by sending Transact-SQL statements to the server, regardless of the user interface of the application.

https://en.wikipedia.org/wiki/Transact-SQL

= Get involved =



= Archives =

(nothing)

'''IMPORTANT: all pages of this project are currently under review. Many are outdated and are in the process of being removed or updated.'''