SQL Injection Attacks
If you write any kind of script on the Internet, be it ASP, ASP.net, PHP, Perl, Ruby, Python, or anything else that accesses a database, then you should be aware of SQL injection attacks.
This posting is going to reference two other blogs. One is the great Scott Guthrie’s blog (best damn blog on ASP.net on the Internet) and his post on Guarding Against SQL Injection attacks.
The second blog we’ll reference is Scott’s inspiration for his blog article: Michael Sutton’s blog and his work to see just how bad SQL injection is on the Internet. Michael did a quick Google search and sampled something like 1000 websites and found that 11% of them were vulnerable to SQL injection.
Both blogs do an excellent job detailing SQL injection and providing links and references on how to fix your code and where to get more information on good coding security.
My addition to all this is that I’m going to add Secunia.com. Secunia.com provides a database of open and closed vulnerabilities for various applications and operating systems. Everything from Cisco to Windows is included here.
I get a constant stream of email updates from secunia.com, and each day I get at least one email with either a SQL Injection or Cross Site Scripting vulnerability being listed, so I know firsthand just how widespread the problem really is. I did a quick search on their database for SQL Injection and it found 1288 applications that either had or have a SQL injection vulnerability. Folks, SQL Injection is a huge issue.
If you’re going to purchase or install any sort of web application (PHPBB, OSCommerce, Storefront, aspdotnetstorefront, you name it), I recommend you search Secunia’s database first.
About Jess
Experienced as a Web Developer and Web Server administrator since 1994, in 1999 Jess set out to start a Web Hosting Provider that would leverage the latest in cutting edge and innovative technologies and make them available to businesses in a way that was easy to understand, easy to use and affordable. Today Applied Innovations is a recognized leader in Windows Hosting and specializes in ASP.NET, E-Commerce and Advanced Web Application Hosting.