Thursday, July 07, 2005 8:34 AM
Paul Maher
SQL Injection - Ignorance or Laziness
We have all heard of SQL Injection and know what it is. With this being the case, why is it there are so many instances of this vulnerability in legacy and new applications?
My conclusion is that the reason must be one of two things:
1. There is a lack of in depth knowledge about the vulnerability and how to defend against it.
2. For whatever reason...project time constraints...sloppy coding...developers choose to ignore best coding practices.
I recently ran a session, at one of our team away days, on common application vulnerabilities. Part of the session was a 20-minute breakout to review the following piece of code for vulnerabilities.
Take a look and see if you can identify some problems...
```csharp
using System;
using System.Data.SqlClient;

string GetShipmentDetails(string Id)
{
    // If Status is "Yes", this is a positive result and subsequent code will run.
    // Anything else is a negative result and code execution will halt.
    string Status = "No";
    string sqlString = "";
    try
    {
        SqlConnection sql = new SqlConnection(
            @"data source=localhost;" +
            "user id=sa;password=password;");
        sql.Open();
        sqlString = "SELECT HasShipped" +
            "FROM Shipment WHERE ID='" + Id + "'";
        SqlCommand cmd = new SqlCommand(sqlString, sql);
        if ((int)cmd.ExecuteScalar() != 0)
            Status = "Yes";
        return Status;
    }
    catch (SqlException se)
    {
        Status = sqlString + " failed\n\r";
        foreach (SqlError e in se.Errors)
        {
            Status += e.Message + "\n\r";
        }
        return Status;
    }
    catch (Exception e)
    {
        Status = e.ToString();
        return Status;
    }
}
```
Please feel free to pass comment.
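For comparison, here is a hardened counterpart to the exercise code above. This is an added example, not code from the original post; it assumes the same Shipment table with a string ID column of at most 50 characters, a connection string supplied by configuration under a least-privilege login rather than sa, and a hypothetical logger call that stands in for whatever the application uses.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example: the exercise method rewritten so that the caller's input can
// never become part of the SQL statement and failures never leak SQL text or
// database error detail to the caller.
static class ShipmentRepository
{
    private const int MaxIdLength = 50;   // assumed width of Shipment.ID

    // Returns true when the shipment has shipped, false when it has not or does
    // not exist. Invalid input and database failures surface as exceptions.
    public static bool HasShipped(string connectionString, string id)
    {
        // Reject obviously bad input before touching the database.
        if (string.IsNullOrWhiteSpace(id) || id.Length > MaxIdLength)
            throw new ArgumentException("Shipment ID is missing or too long.", nameof(id));

        // The statement text is a constant; the value travels as a typed parameter,
        // so a string like "x' OR '1'='1" is compared as data, never parsed as SQL.
        const string sql = "SELECT HasShipped FROM Shipment WHERE ID = @Id";

        try
        {
            using (var connection = new SqlConnection(connectionString))
            using (var command = new SqlCommand(sql, connection))
            {
                command.Parameters.Add("@Id", SqlDbType.NVarChar, MaxIdLength).Value = id;
                connection.Open();

                object result = command.ExecuteScalar();
                if (result == null || result == DBNull.Value)
                    return false;                 // no matching row
                return Convert.ToInt32(result) != 0;   // works for BIT and INT columns
            }
        }
        catch (SqlException ex)
        {
            // Keep provider details server-side; the caller gets a generic failure.
            Log.Error("Shipment lookup failed", ex);   // hypothetical logger
            throw new InvalidOperationException("Shipment lookup failed.");
        }
    }
}
```

The error text the original returned (the SQL string plus every SqlError message) is exactly what an attacker uses to refine an injection, so logging it internally and returning a generic failure closes that feedback loop.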
I should add, my boss, with a worried look on his face asked - "Paul, did you write this code?"
So in future posts I will run through some best coding practices and drill into why these practices help protect you against potential attacks.