andreaprovaglio.com

Blog @ andreaprovaglio.com

Thoughts on software development, design and people.

Jan 28, 2008

SQL injection reloaded

SQL injection vulnerabilities are still very common in web applications (OWASP rates injection flaws as the second most important security issue in its Top Ten 2007). Input validation and parameterized queries (also called prepared statements) are the most popular safeguards against SQL injection. However, even when using parameterized queries, an application can still be vulnerable to SQL injection. This is not a new topic (early research on exploiting parameterized queries appeared more than 3 years ago), but there is still a lot of confusion among security-unaware software developers and architects.


Jan 09, 2008

Using JSR-223 on Java 1.5 and 1.4

I find the Scripting for the Java Platform API (JSR-223) an interesting and promising extension to Java. It's even more appealing to me when used with JRuby (and optionally with Rails). I'll discuss the benefits of such a mix in a future post. For now, I just want to talk about the Java versions on which you can run JSR-223.
