SQL Injection Attacks

If you write any kind of script on the Internet, be it ASP, ASP.NET, PHP, Perl, Ruby, Python, or anything else that accesses a database, then you should be aware of SQL injection attacks.

This posting is going to reference two other blogs. One is the great Scott Guthrie’s blog (best damn blog on ASP.NET on the Internet) and his post on Guarding Against SQL Injection attacks.

The second blog we’ll reference is Scott’s inspiration for his blog article: Michael Sutton’s blog and his work to see just how bad SQL injection is on the Internet. Michael did a quick Google search, sampled something like 1000 websites, and found that 11% of them were vulnerable to SQL injection.

Both blogs do an excellent job detailing SQL injection and providing links and references on how to fix your code and where to get more information on good coding security.

My addition to all this is that I’m going to add Secunia.com. Secunia.com provides a database of open and closed vulnerabilities for various applications and operating systems. Everything from Cisco to Windows is included here. 

I get a constant stream of email updates from secunia.com, and each day I get at least one email with either a SQL injection or cross-site scripting vulnerability being listed, so I know firsthand just how widespread the problem really is. I did a quick search on their database for SQL Injection and it found 1288 applications that either had or have a SQL injection vulnerability. Folks, SQL injection is a huge issue.

If you’re going to purchase a web application or install any sort of web application (PHPBB, OSCommerce, Storefront, aspdotnetstorefront, you name it) I recommend you search Secunia’s database first.

Jess
With a background in web development and web server administration dating back to 1994, Jess Coburn founded Applied Innovations in 1999. As CEO, he led the company to become a recognized leader in Windows Hosting, specializing in ASP.NET, E-Commerce, and advanced web application hosting. Under Jess's leadership, Applied Innovations became known for making cutting-edge technology accessible and affordable for businesses. Building on this success, Jess expanded his vision by founding QIT Solutions, a managed cloud, IT, and cybersecurity company, where he continues to leverage his extensive industry experience to deliver innovative and secure IT solutions to businesses.
