Security Think Tank: Several factors feed SQLi attacks


Despite being the most common form of vulnerability in web applications for years, and many thousands of articles being written on the subject, SQL injection (SQLi) remains a viable, and profitable, way to attack web applications.

The reason that it remains viable, despite all the published material on how to avoid it, lies with a group of problems.

A lack of security awareness in some development teams means that application code is commonly not secured against the threat.

This undermines the whole application, and when fixes are implemented later they are often patched over just one area, leaving other areas of the application vulnerable.

More ingenious methods of avoiding counter-measures are always being developed, because the prize is so great.

Without an immediate tangible benefit from security training and testing, some corporations have been cutting budgets. However, the much-publicised recent attacks have highlighted the risks that come from a lack of IT security spending.

The ways to prevent SQLi have not changed – they just need to be implemented.

An investment in security training and testing will provide developers with the skills to code applications without the technical errors that lead to SQL injection vulnerabilities, and the reassurance that the application has been rigorously tested.
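As an added illustration of the "technical error" the column refers to and the long-known fix for it (this is example code, not the author's), the snippet below runs the same lookup two ways against a constructed in-memory SQLite table: once with the value pasted into the SQL text, once bound as a parameter. The table name and columns are assumptions for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a small users table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_concat(conn, name):
    """The defect: user input becomes part of the SQL statement itself."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """The fix: the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(conn, name):
    """Run both variants on the same input.

    Returns (concatenated result or an error string, parameterised result),
    so a reviewer can see where the two implementations diverge.
    """
    try:
        concat = lookup_concat(conn, name)
    except sqlite3.Error as exc:
        # A plain apostrophe in the input is enough to break the concatenated query.
        concat = "ERROR: " + str(exc)
    return concat, lookup_param(conn, name)


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "o'brien", "x' OR '1'='1"):
        print(repr(value), "->", compare(db, value))
```

A test suite that feeds the second and third inputs through every query path in an application is the cheapest way to catch the "patched in one area only" situation the column describes.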

Peter Wood is a member of the London Chapter ISACA Security Advisory Group and CEO of First Base Technologies.


This was first published in September 2012

