Difference between revisions of "Talk:OWASP Testing Guide v2 Table of Contents"

From OWASP
(2 intermediate revisions by one user not shown)
Line 1: Line 1:
I believe that publishing this SQL injection as a test method is extremely dangerous. While professional testers know not to drop tables from databases, inexperienced testers or malicious users could attempt this on sites with potentially disastrous effects.
+
The ToC must have a authZ chapter. There's plenty of authZ content, just needs to be moved from business logic testing to a new chapter. [[User:Vanderaj|Vanderaj]] 20:22, 15 January 2007 (EST)
 
+
<pre>
+
SELECT id FROM users WHERE name='' AND pass=''; DROP TABLE users;
+
</pre>
+
 
+
I would recommend using a more benign SQL injection example, such as:
+
 
+
<pre>
+
SELECT id FROM users WHERE name=''or+1=1--' AND pass='';
+
</pre>
+
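Review bot: this revision deletes the earlier comment objecting to the `DROP TABLE users;` example, together with the benign `'or+1=1--'` alternative it proposed, and overwrites it with an unrelated note about an authZ chapter; that concern was never answered, so keep the original comment in place and append the authZ note below it as a separate talk-page section. Minor point on the retained alternative: the `+` in `name=''or+1=1--'` reads as a URL-encoded space, so if it is meant as the literal SQL statement the `<pre>` block implies, it should be written with a plain space (`'' or 1=1--`).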

Latest revision as of 20:22, 15 January 2007

The ToC must have an authZ chapter. There's plenty of authZ content; it just needs to be moved from business logic testing to a new chapter. Vanderaj 20:22, 15 January 2007 (EST)