摘要
With the sharp increase of hacking attacks over the last couple of years, web application security has become a key concern. SQL injection is one of the most common types of web hacking and has been widely written and used in the wild. This paper analyzes the principle of SQL injection attacks on Web sites, presents methods available to prevent IIS + ASP + MSSQL web applications from these kinds of attacks, including secure coding within the web application, proper database configuration, deployment of IIS. The result is verified by WVS report.
