
11% of Sites Vulnerable To SQL Injection: Is Yours?

Michael Sutton wrote about a simple tool he wrote which uses Google to find sites vulnerable to SQL injection. (I wrote about SQL injection as it relates to online retailers in a Catalog Success article last year.) Sutton found that 11% of the sites in his study have vulnerabilities. That's a huge rate. Sutton's tool was written to assess the scope of the problem. The same technique could easily be modified to attack sites en masse using an automated 'bot. Scary.

Talk to your web folks. Make sure they've secured your site. Don't allow any raw inputs to reach your database (SQL injection) or your HTML output (cross-site scripting). Preventing SQL injection isn't all that hard -- yet 11% of sites haven't got it right yet.
