See ComputerWorld's SQL Injection Attacks Lead to Heartland, Hannaford Breaches for more on this topic.
I'm amazed because SQL injection is entirely a preventable bug. Yet, it's the top attack technique.
That's an amazing indictment of the programming profession. There are so many shoddy, incompetent programmers (and shoddy, incompetent customers of programming services) that SQL injection is the top attack technique.
I almost forgot the obligatory XKCD comic: http://xkcd.com/327/
XKCD should print that comic on mousepads and coffee mugs so team leads can hand them out to every developer. Keep SQL injection at the forefront of people's minds!
ReplyDelete