Why SQL injection attacks are successful: A Ponemon report offers interesting insight

  • 16 April 2014
  • 3 replies
  • 1579 views

SQL is being hammered by bad guys. Why is that, and is there anything that can be done to fix the situation? A recent Ponemon survey about SQL injections, and potential solutions, is discussed.

 SQL has been around since the 1970s, so one would assume all vulnerability bugs in the language have been eliminated. Yet, there are still numerous reports of attackers being able to leverage weaknesses in SQL to consistently breach high-profile companies.

I have been told it is the nature of the beast. Any time people are allowed to access information stored on backend servers, trouble is just a query away. Bad guys use a SQL injection to liberate data from the server hosting the database under attack.
 
Full Article

3 replies

SQL...now there is a surprise...almost as much of a mainstay as Java, in the business world, but really surprising that there isn't more exploitation of it...IMHO
Baldrick
Most developers have learned to sanitize their inputs, but that's probably something that should be mandated at a code/security level rather than optional. Reminds me of the xkcd about SQL Injection:
http://xkcd.com/327/
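As an added illustration of the "sanitize your inputs" point (example code written for this page, not from the thread or from xkcd): a lookup built by string concatenation beside its parameterized form, both run against a constructed in-memory SQLite table with made-up names. A legitimate name containing an apostrophe shows why input sanitizing alone is fragile, while parameterization handles both the hostile and the legitimate input.

```python
import sqlite3

# Constructed in-memory sample table; none of these names are from the thread.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("O'Brien", "obrien@example.test")],
    )
    return conn

def lookup_concatenated(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable pattern: the input is spliced into the SQL text, so a quote
    # character in the input changes the structure of the statement.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Hardened pattern: the value travels separately from the SQL text and
    # can only ever be compared as a string, whatever characters it holds.
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

TAUTOLOGY = "x' OR '1'='1"  # the textbook probe string, constructed for the demo

def concat_survives(conn: sqlite3.Connection, name: str) -> bool:
    # Legitimate data with an apostrophe breaks the concatenated query outright.
    try:
        lookup_concatenated(conn, name)
        return True
    except sqlite3.OperationalError:
        return False

def demo() -> dict:
    # Row counts returned by each variant for a normal and a hostile input.
    conn = make_db()
    return {
        "normal_concat": len(lookup_concatenated(conn, "alice")),
        "normal_param": len(lookup_parameterized(conn, "alice")),
        "tautology_concat": len(lookup_concatenated(conn, TAUTOLOGY)),  # every row leaks
        "tautology_param": len(lookup_parameterized(conn, TAUTOLOGY)),  # no match
        "apostrophe_concat_ok": concat_survives(conn, "O'Brien"),       # syntax error
        "apostrophe_param": len(lookup_parameterized(conn, "O'Brien")),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```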
The following is an update on SQL injection attacks.
=================================================================================================


Quote: Retail breaches and the SQL injection threat

By HNS Staff. Posted on 10 June 2014.

Summary: Continuous monitoring of database networks is the best approach to avoid breaches such as the high-profile attacks against major U.S. retailers, according to a Ponemon Institute and DB Networks study.

More than half (57 percent) of respondents believed that the attacks against the U.S. retailers involved SQL injection as one of the components of the attacks.

Help Net Security. Full read here: http://www.net-security.org/secworld.php?id=16985

