AntiSQLi Library

A free, easy-to-use library for mitigating risk from SQL injection (SQLi) attacks, from the application security experts at IronBox and Security Innovation, Inc.

Welcome to the AntiSQLi GitHub Page.

The AntiSQLi library is a free, easy-to-use library for reducing risk from SQL injection (SQLi) attacks -- one of the most common application attacks today.

The AntiSQLi library auto-parameterizes untrusted data for you. And it uses coding patterns and classes that you're already familiar with. The AntiSQLi library saves you time and frustration, and lets you focus more on building your application.

Integrating the AntiSQLi library is easy and only takes a couple of lines of code. In fact, it takes less code to use the AntiSQLi library than typical coding patterns. Here's a .NET Framework example:

// Reference the AntiSQLi library
using IronBox.AntiSQLi;
...

// Automatically assign and parameterize untrusted data
SqlParameterizedQuery pQuery = new SqlParameterizedQuery();
pQuery.LoadQuery("SELECT * FROM Users WHERE UserName = {0}", UntrustedData);
...

// You're done, execute your SQL statement using familiar methods
pQuery.Connection = new SqlConnection("[your connection string]");
pQuery.Connection.Open();
pQuery.Command.ExecuteNonQuery();
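
The general technique behind this pattern, as an added example (not AntiSQLi's own code or API): a hypothetical `PlaceholderBinder` helper rewrites `{n}` placeholders to named parameters and binds the values through ADO.NET's `SqlCommand.Parameters`, shown beside the string-concatenation pattern it replaces. The helper name, the `@pN` parameter naming and the sample input are assumptions made for illustration.

```csharp
using System;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Hypothetical helper (not part of AntiSQLi): turns {n} placeholders into
// named parameters so values travel separately from the SQL text.
static class PlaceholderBinder
{
    static readonly Regex Placeholder = new Regex(@"\{(\d{1,3})\}");

    public static SqlCommand Build(string template, params object[] values)
    {
        values = values ?? new object[0];
        var cmd = new SqlCommand();
        // Replace each {n} with @pn; reject indexes that have no matching value.
        cmd.CommandText = Placeholder.Replace(template, m =>
        {
            int i = int.Parse(m.Groups[1].Value);
            if (i >= values.Length)
                throw new ArgumentException("No value for placeholder {" + i + "}");
            return "@p" + i;
        });
        // Bind each value once; null maps to DBNull so it is sent as SQL NULL.
        for (int i = 0; i < values.Length; i++)
            cmd.Parameters.AddWithValue("@p" + i, values[i] ?? DBNull.Value);
        return cmd;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample input: a name containing a single quote.
        string untrusted = "O'Brien";

        // Concatenation: the quote in the input ends the string literal early,
        // so the input changes the structure of the SQL statement.
        string concatenated = "SELECT * FROM Users WHERE UserName = '" + untrusted + "'";
        Console.WriteLine(concatenated);

        // Parameterization: the SQL text holds only @p0; the input stays data.
        SqlCommand cmd = PlaceholderBinder.Build(
            "SELECT * FROM Users WHERE UserName = {0}", untrusted);
        Console.WriteLine(cmd.CommandText);
        Console.WriteLine(cmd.Parameters["@p0"].Value);
    }
}
```

In this sketch the placeholder is written without surrounding quotes, because the value is bound as a parameter rather than spliced into a literal. Parameters can only stand in for values; table and column names still need an allow-list.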

The AntiSQLi library is also highly extensible. We've written .NET classes for Microsoft SQL Server and Microsoft SQL Server Compact Edition, but you can easily extend the library to support other database platforms like Oracle and MySQL.

Get AntiSQLi on NuGet

You can get the AntiSQLi library on NuGet. Just search for "IronBox.AntiSQLi.dll".

Authors and Contributors

The AntiSQLi library was developed by the IronBox team (@ironbox) and Security Innovation, Inc. (@securityinnovation).

License

The AntiSQLi library is made available under the BSD License.


Reduce Your Application Security Risk with Security Innovation

Security Innovation focuses on the most difficult IT security problem, and the root cause of most data breaches – insecure applications. Our solutions are based on the three pillars of a secure SDLC, which feed into one another to create an ecosystem of repeatable, secure software development: Standards, Education and Assessment.

IronBox Secure File Transfer

If you're exchanging highly sensitive information with your customers, check out the IronBox secure file transfer solution. It's as easy to use as clicking a link and there's no software or extra hardware to install. So no more confusing your team members and customers with complicated tools. Or unnecessary IT support costs and personal frustration. Try it today at no risk to you with our 14-day free trial.