Sunday, August 30, 2009

SQL Injection Attacks the Top Vulnerability

This is an amazing quote: "We see SQL injection as the top attack technique on the Web".

See ComputerWorld's "SQL Injection Attacks Lead to Heartland, Hannaford Breaches" for more on this topic.

I'm amazed because SQL injection is an entirely preventable bug. Yet, it's the top attack technique.

That's an amazing indictment of the programming profession. There are so many shoddy, incompetent programmers (and shoddy, incompetent customers of programming services) that SQL injection is the top attack technique.

I almost forgot the obligatory XKCD comic: http://xkcd.com/327/

1 comment:

  1. XKCD should print that comic on mousepads and coffee mugs so team leads can hand them out to every developer. Keep SQL injection at the forefront of people's minds!
