People, SQL Injection Is Not That Hard To Fix

I rant because it hurts me on a professional level that there are so many pieces of software vulnerable.  Just checking out Exploit-DB on two days (January 3rd & 4th, 2012), I saw 19 exploits.  Of these 19, 11 were SQL injection (well, 1 was XSS+SQL).  Here they are:

What’s sad is that this is just a typical outcome:  on most days, it seems that roughly half of the vulnerabilities found are SQL Injection attacks.  What’s even more sad is that protecting against SQL Injection is not a difficult task.  It just requires sanitizing inputs, parameterizing queries, and limiting dynamic SQL statements.  I know that my focus is on the Microsoft stack, but other languages have their own versions of these concepts, and putting them into place requires just about the same level of skill—that is, very little.
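To make the three points concrete, here is an added example (my own illustration, not code from the original post, and written against Python's built-in sqlite3 module rather than the Microsoft stack the post refers to, since the concepts are the same). The table, the rows and the `ALLOWED_SORT_COLUMNS` allow-list are constructed for the demonstration. The first lookup splices the input into the SQL text, the second binds it as a parameter, and the third shows the one case where parameters cannot help: a dynamic identifier, which is instead restricted to an allow-list before it is spliced in.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]

# Constructed allow-list: the only identifiers a caller may sort by.
ALLOWED_SORT_COLUMNS = {"id", "username", "email"}


def make_db():
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Deliberately vulnerable: the input becomes part of the SQL text,
    so a quote in the input changes the meaning of the statement."""
    sql = "SELECT id, username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, username):
    """Fixed: the statement text is fixed and the value travels as a bound
    parameter, so quotes in the input are just characters in a string."""
    sql = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def list_users_sorted(conn, sort_column):
    """Identifiers (table and column names) cannot be bound as parameters.
    The dynamic part of the statement is therefore limited to a fixed
    allow-list, and anything else is rejected before reaching the database."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = f"SELECT id, username, email FROM users ORDER BY {sort_column}"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # The classic tautology input: returns every row from the vulnerable
    # lookup and nothing from the parameterized one.
    tautology = "x' OR '1'='1"
    print("vulnerable:    ", find_user_vulnerable(conn, tautology))
    print("parameterized: ", find_user_parameterized(conn, tautology))
    print("sorted by name:", list_users_sorted(conn, "username"))
```

The parameterized lookup is the real fix; input sanitizing on its own is brittle because the escaping rules differ per database and per context, which is exactly why the identifier case above uses an allow-list instead of escaping. The same pattern maps directly onto `SqlParameter` in ADO.NET or `sp_executesql` in T-SQL.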
