SQL Injection Attacks


You might have read recently that there have been ongoing SQL injection attacks against vulnerable web applications occurring over the last few months.  These attacks have received recurring attention in the press as they pop up in various geographies around the world. These attacks do not leverage any SQL Server vulnerabilities or any un-patched vulnerabilities in any Microsoft product – the attack vector is vulnerable custom applications. In fact, SQL Injection is a coding issue that can attack any database system, so it’s a good idea to learn how to defend against them.


 


In order to help you respond to and defend yourself from these attacks, Microsoft has an authoritative blog including talking points and guidance.  You can find this at http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx

Comments (5)

  1. Fellow MVP Steve Kass and Microsoft’s Buck Woody have some links and advice about preventing SQL injection

  2. I cannot emphasise enought the importance of understanding the absolute basic security principles when

  3. One of the biggest threats in IT industry & Database world is unprecedented attacks aka most commonly

  4. One of the biggest threats in IT industry & Database world is unprecedented attacks aka most commonly