Recently, SQL injection has become a popular topic in the security world. A quick look at the articles below shows that many organizations are suffering from breaches due to SQL injection. These incidents have led to the disclosure of credit card numbers, social security numbers, or other personal/sensitive information.
Breach Information:
http://www.webappsec.org/projects/whid/byclass_class_attack_method_value_sql_injection.shtml
http://datalossdb.org/incidents/1230-sql-injection-hack-exposes-names-credit-card-numbers-cvv-codes-of-hundreds
http://datalossdb.org/incidents/1364-sql-injection-hack-exposes-names-addresses-and-ccn
Many development groups struggle to address these vulnerabilities within their software. In March, OWASP released the "SQL Injection Prevention Cheat Sheet." This short article discusses developers' options for addressing SQL Injection. If this article were to become required reading for all developers, I believe it would result in significantly fewer data breach incidents due to web application vulnerabilities.
Friday, April 17, 2009