David Strom’s Web Informant

New and improved with just a hint of lemon

« How Open is the International Internet?
Understanding contributions to the Linux kernel »

SQL injection in the news again

Posted by strom on May 7, 2008

It amazes me (almost) to see the latest news of thousands of Web sites that have been compromised with one of the oldest tricks in the book: SQL Injection. It is almost ridiculously easy to find sites that can be exploited. Michael Sutton of SPIdynamics/HP tells you how he came across more than 80 of them in a small sample by writing some quick code using Google’s APIs here.

I wrote a paper several years ago for Breach Security about the subject that is still relevant. You can register and download it here.

This entry was posted on May 7, 2008 at 4:58 am and is filed under Web site strategies. . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

« How Open is the International Internet?
Understanding contributions to the Linux kernel »