Written by:RBarryYoung6/13/2009 8:52 PM
A couple of news articles I cam cross this week on SQl Injection;
http://www.baselinemag.com/c/a/Security/SQL-Injections-Wreaking-Havoc-258450/
http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annual-report.pdf
http://www.baselinemag.com/c/a/IT-Management/Six-Steps-to-Stop-SQL-Injections-129263/
http://www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele-SQLInjection-whitepaper.pdf
There is some realy great stuff in here including some references to the frequency of Injection attacks this past year, a report from European Black Hats of a new technique that can take an Injection attacker from SQL Server to the OS, and some ways to protect yourself.
Let me know what you think!
Copyright ©2009 Barry Young
2 comment(s) so far...
Re: News articles on SQL InjectionSome excellent material here, thanks for sharing!I for one always like to provide references that backup my recommendations and I feel these will come in particularly handy when writing for management audiences.It still surprises me the number of business that are caught out by SQL Injection type attacks.
Re: News articles on SQL Injection
Some excellent material here, thanks for sharing!I for one always like to provide references that backup my recommendations and I feel these will come in particularly handy when writing for management audiences.It still surprises me the number of business that are caught out by SQL Injection type attacks.
Re: News articles on SQL InjectionThanks John, and agreed. But then neither the application vendors, nor MS has not been a source of leadership or inspiration on this issue. In fact, there arguably part of the problem (re: Linq).
Thanks John, and agreed. But then neither the application vendors, nor MS has not been a source of leadership or inspiration on this issue. In fact, there arguably part of the problem (re: Linq).