The OWASP SQL and database Scripting Technology Knowledge Base is the clearing house for all information related to building secure database related applications, as well as services based on SQL and SQL scripting technologies. The focus of the project is on guidance for developers and architects using SQL frameworks, on SQL based technologies for web and distributed application development, on OWASP components that deal with SQL related topics and on participation in OWASP projects that use SQL, PL/SQL, SQL scripting languages and related technologies. Moreover, we aim to provide security related guidance for system administrators managing SQL based applications and tools.
Community content is key to security information. The project depends on content from developers throughout the SQL, PL/SQL and database programming ecosystem.
OWASP SQL Technology Knowledge Base is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and, if you alter, transform, or build upon it, distribute the resulting work only under the same or a similar license.
Last Update: 1/2016
Related Project Resources
Pages under review
- PL/SQL:SQL Injection
- PL/SQL:Cursor Injection
- PL/SQL:Dangling Cursor Snarfing
- PL/SQL:Buffer overflow
- PL/SQL:Privilege escalation
SQL (Structured Query Language) is a special-purpose programming language designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).
SQL was one of the first commercial languages for Edgar F. Codd's relational model, as described in his influential 1970 paper, "A Relational Model of Data for Large Shared Data Banks". Despite not entirely adhering to the relational model as described by Codd, it became the most widely used database language.
SQL became a standard of the American National Standards Institute (ANSI) in 1986, and of the International Organization for Standardization (ISO) in 1987. Since then, the standard has been revised to include a larger set of features. Despite the existence of such standards, though, most SQL code is not completely portable among different database systems without adjustments.
PL/SQL (Procedural Language/Structured Query Language) is Oracle Corporation's proprietary procedural extension to the SQL database language. Some other SQL database management systems offer similar extensions to the SQL language. PL/SQL's syntax strongly resembles that of Ada.
The key strength of PL/SQL is its tight integration with the Oracle database.
PL/SQL is one of three languages embedded in the Oracle Database, the other two being SQL and Java.
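The tight integration described above is also where most PL/SQL security problems come from: a stored procedure runs inside the database, by default with its owner's privileges, and dynamic SQL built by string concatenation lets a caller's input become part of the statement. The following is an added example for this page, not code from the OWASP project: an Oracle PL/SQL lookup written first with concatenation and then with a bind variable. The table EMPLOYEES(NAME, SALARY), the procedure names and the p_table parameter at the end are assumptions made for illustration.

```sql
-- Added example (not from the OWASP page). Assumes a table
-- EMPLOYEES(NAME VARCHAR2, SALARY NUMBER); procedure names are illustrative.

-- Vulnerable: p_name is spliced into the statement text, so a single quote in
-- the input closes the literal and everything after it is parsed as SQL (a
-- UNION, a subquery, a rewritten WHERE clause). Without AUTHID the procedure
-- runs with definer's rights, i.e. whatever the owner can do, the caller can
-- now do through the injected statement.
CREATE OR REPLACE PROCEDURE get_salary_unsafe (p_name IN VARCHAR2) IS
  v_sql    VARCHAR2(4000);
  v_salary NUMBER;
BEGIN
  v_sql := 'SELECT salary FROM employees WHERE name = ''' || p_name || '''';
  EXECUTE IMMEDIATE v_sql INTO v_salary;
  DBMS_OUTPUT.PUT_LINE('salary=' || v_salary);
END;
/

-- Hardened: the statement text is a constant and the value is passed as a
-- bind variable (:name), so the content of p_name is compared as data only.
-- AUTHID CURRENT_USER runs the body with the caller's privileges rather than
-- the owner's, so even a flaw elsewhere in the procedure cannot reach tables
-- the caller could not read anyway.
CREATE OR REPLACE PROCEDURE get_salary_safe (p_name IN VARCHAR2)
  AUTHID CURRENT_USER IS
  v_salary NUMBER;
BEGIN
  EXECUTE IMMEDIATE 'SELECT salary FROM employees WHERE name = :name'
    INTO v_salary USING p_name;
  DBMS_OUTPUT.PUT_LINE('salary=' || v_salary);
END;
/

-- Static SQL is bound automatically and is the simplest safe form when the
-- statement does not need to change at run time:
--   SELECT salary INTO v_salary FROM employees WHERE name = p_name;

-- When an identifier (table or column name) must vary, bind variables cannot
-- be used. Validate it with DBMS_ASSERT, which raises ORA-44003 for anything
-- that is not a plain SQL name, instead of trusting the caller's string.
CREATE OR REPLACE PROCEDURE count_rows (p_table IN VARCHAR2)
  AUTHID CURRENT_USER IS
  v_cnt NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
    INTO v_cnt;
  DBMS_OUTPUT.PUT_LINE(p_table || ' rows=' || v_cnt);
END;
/
```

To see the difference, call get_salary_unsafe with an argument such as `x' OR name IS NOT NULL AND ROWNUM=1 --` and then pass the same string to get_salary_safe: the first executes the injected predicate, the second simply finds no employee with that literal name.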
SQL PL stands for Structured Query Language Procedural Language and was developed by IBM as a set of commands that extend the use of SQL in the IBM DB2 (DB2 UDB Version 7) database system. It provides procedural programmability in addition to the querying commands of SQL. It is a subset of the SQL Persistent Stored Modules (SQL/PSM) language standard.
Transact-SQL (T-SQL) is Microsoft's and Sybase's proprietary extension to SQL. SQL, the acronym for Structured Query Language, is a standardized computer language that was originally developed by IBM for querying, altering and defining relational databases, using declarative statements. T-SQL expands on the SQL standard to include procedural programming, local variables, various support functions for string processing, date processing, mathematics, etc. and changes to the DELETE and UPDATE statements. These additional features make Transact-SQL Turing complete.
Transact-SQL is central to using Microsoft SQL Server. All applications that communicate with an instance of SQL Server do so by sending Transact-SQL statements to the server, regardless of the user interface of the application.
IMPORTANT: all pages of this project are currently under review. Many are outdated and are in the process of being removed or updated.