Given you're using out of the box solutions (i.e. no custom input and data storage solution outside of the Microsoft framework), you'll be fine as SharePoint's code handles injection attacks and follows best practices.
SharePoint 2013 Public site: how to test SQL Injection attacks?
Hi
In a SharePoint 2013 Public site, how to test SQL Injection attacks?
In a SharePoint 2013 web application I deployed some custom web parts, displaying data from custom lists on pages, etc.
Do CAML queries written inside farm solutions cause any problem? For example, there are contact pages where users input data and the data is saved in custom lists.
Baker Kong-MSFT 3,791 Reputation points
2020-08-20T04:30:07.34+00:00
Hi adilahmed,
If you use the SharePoint safe API, there are no SQL injection vulnerabilities, as this will avoid a direct connection to the DB. CAML queries will interact with the SQL database via an interpreter and will not be directly queried against the SQL server, and they will be validated by SharePoint.
Best Regards,
Baker Kong
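For the custom web parts in the question that place user input into a CAML query, one way to keep that input as data is to build the query with `XElement` rather than string concatenation. This is an added example, not code from the thread; the class name, the "Contacts" list and the use of the Title field are assumptions.

```csharp
using System;
using System.Xml.Linq;
using Microsoft.SharePoint;

// Added example: ContactLookup, the "Contacts" list and the Title filter are hypothetical.
public static class ContactLookup
{
    // Builds the <Where> clause as an XML tree. The user-supplied string is
    // added as text content, so markup characters such as < and & are
    // XML-encoded on serialization and the value cannot close <Value> or
    // append extra CAML elements.
    public static string BuildWhereByTitle(string userInput)
    {
        if (userInput == null)
            throw new ArgumentNullException("userInput");
        if (userInput.Length > 255) // single-line text fields hold at most 255 characters
            throw new ArgumentException("Value too long.", "userInput");

        var where = new XElement("Where",
            new XElement("Eq",
                new XElement("FieldRef", new XAttribute("Name", "Title")),
                new XElement("Value", new XAttribute("Type", "Text"), userInput)));

        return where.ToString(SaveOptions.DisableFormatting);
    }

    // Runs the query through the SharePoint object model, not a direct
    // database connection.
    public static SPListItemCollection FindContacts(SPWeb web, string userInput)
    {
        SPList list = web.Lists.TryGetList("Contacts"); // hypothetical list title
        if (list == null)
            throw new InvalidOperationException("List not found.");

        var query = new SPQuery
        {
            Query = BuildWhereByTitle(userInput),
            RowLimit = 50 // cap the result set returned to the page
        };
        return list.GetItems(query);
    }
}
```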
Baker Kong-MSFT 3,791 Reputation points
2020-08-24T06:43:28.317+00:00
Hi @adil,
Regarding this issue, do you have further questions? If the above info is helpful to this issue, could you please accept it as Answer?
Thanks
Baker Kong