
11% of Sites Vulnerable To SQL Injection: Is Yours?

Michael Sutton wrote about a simple tool he built which uses Google to find sites vulnerable to SQL injection. (I wrote about SQL injection as it relates to online retailers in a Catalog Success article last year.) Sutton found 11% of the sites in his study have vulnerabilities. That's a huge rate. Sutton's tool was written to assess the scope of the problem. The same technique could be modified, easily, to attack sites en masse using an automated 'bot. Scary. Talk to your web folks. Make sure they've secured your site. Don't allow any raw inputs to reach your database (SQL injection) or your HTML output (cross-site scripting). Preventing SQL injection isn't all that hard -- yet 11% of sites haven't got it right yet.
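To show your web folks what "no raw inputs" means in practice, here is an added example (not from Sutton's tool or the original post) that puts a string-built query beside a parameterized one and escapes values on output. The catalog table, its rows and the function names are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """Build a constructed in-memory catalog with one row shoppers must not see."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("mug", 8.5, 0), ("lamp", 30.0, 0), ("unreleased", 99.0, 1)],
    )
    return db


def search_unsafe(db, term):
    # Weak: the raw input is pasted into the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = '" + term + "'"
    return [row[0] for row in db.execute(sql)]


def search_safe(db, term):
    # Hardened: the ? placeholder passes the input as a value only;
    # it can never change the shape of the statement.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ?"
    return [row[0] for row in db.execute(sql, (term,))]


def render_results(term, names):
    # Escape every value on its way into HTML so input cannot add markup
    # (the cross-site scripting half of the advice).
    items = "".join(f"<li>{html.escape(n)}</li>" for n in names)
    return f"<p>Results for {html.escape(term)}</p><ul>{items}</ul>"


if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"  # constructed input containing quote characters
    print("unsafe:", search_unsafe(db, hostile))  # hidden row is returned
    print("safe:  ", search_safe(db, hostile))    # treated as a literal name
    print(render_results("<b>mug</b>", search_safe(db, "mug")))
```

A quick audit step that follows from this: search the code base for SQL strings assembled with concatenation or string formatting, and for templates that print request values without escaping.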
