SharePoint 2013 public site: how to test for SQL injection attacks?

adil 1,431 Reputation points
2020-08-19T08:46:25.81+00:00

Hi

In a SharePoint 2013 public site, how do I test for SQL injection attacks?

In a SharePoint 2013 web application I deployed some custom web parts, displaying data from custom lists to pages, etc.
Do CAML queries written inside farm solutions cause any problems? For example, there are contact pages where users input data and the data is saved in custom lists.


Accepted answer
  1. trevorseward 11,711 Reputation points
    2020-08-19T14:13:53.847+00:00

    Given you're using out of the box solutions (i.e. no custom input and data storage solution outside of the Microsoft framework), you'll be fine as SharePoint's code handles injection attacks and follows best practices.

    1 person found this answer helpful.

2 additional answers

  1. Baker Kong-MSFT 3,801 Reputation points
    2020-08-20T04:30:07.34+00:00

    Hi adilahmed,

    If you use the SharePoint safe API, there are no SQL injection vulnerabilities, as this avoids a direct connection to the DB. CAML queries interact with the SQL database through an interpreter rather than being sent directly to the SQL server, and they are validated by SharePoint.

    Best Regards,
    Baker Kong
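
Added example (not part of the original thread and not SharePoint's own code): for the custom web parts in the question, one way to pass contact-form input into a CAML query so that it can only ever be a value, by building the query with `XElement` instead of string concatenation. The field name `Title` and the sample input are assumptions; the `SPQuery` usage appears only in a comment so the block compiles without the SharePoint assemblies.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

public static class CamlQueryBuilder
{
    // Builds the <Where> clause intended for SPQuery.Query.
    // fieldName must be a constant chosen in code, never taken from the user.
    public static string BuildEqualsQuery(string fieldName, string userValue)
    {
        if (string.IsNullOrEmpty(fieldName))
            throw new ArgumentException("fieldName is required", "fieldName");

        // XElement/XAttribute escape <, >, & and quotes when serialized, so
        // userValue ends up as text inside <Value> and cannot add CAML elements.
        var where = new XElement("Where",
            new XElement("Eq",
                new XElement("FieldRef", new XAttribute("Name", fieldName)),
                new XElement("Value", new XAttribute("Type", "Text"),
                    userValue ?? string.Empty)));

        return where.ToString(SaveOptions.DisableFormatting);
    }

    // Re-parses the generated CAML and confirms it is still exactly one
    // <Eq> condition whose <Value> text equals the original input.
    public static bool RoundTrips(string caml, string userValue)
    {
        XElement where = XElement.Parse(caml);
        XElement eq = where.Element("Eq");
        return where.Elements().Count() == 1
            && eq != null
            && eq.Elements().Count() == 2
            && (string)eq.Element("Value") == userValue;
    }

    public static void Main()
    {
        // Constructed sample input containing XML metacharacters.
        string input = "Smith & Sons <sales>";
        string caml = BuildEqualsQuery("Title", input); // "Title" is an assumed field
        Console.WriteLine(caml);
        Console.WriteLine("Structure preserved: " + RoundTrips(caml, input));

        // In the farm solution the string would be used as:
        //   var query = new SPQuery { Query = caml };
        //   SPListItemCollection items = list.GetItems(query);
    }
}
```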


  2. Baker Kong-MSFT 3,801 Reputation points
    2020-08-24T06:43:28.317+00:00

    Hi @adil,

    Regarding this issue, do you have further questions? If the above info is helpful to this issue, could you please accept it as Answer?

    Thanks
    Baker Kong

