11% of Sites Vulnerable To SQL Injection: Is Yours?

Michael Sutton wrote about a simple tool he built that uses Google to find sites vulnerable to SQL injection. (I wrote about SQL injection as it relates to online retailers in a Catalog Success article last year.) Sutton found that 11% of the sites in his study have vulnerabilities. That's a huge rate. Sutton's tool was written to assess the scope of the problem. The same technique could easily be modified to attack sites en masse using an automated bot. Scary. Talk to your web folks. Make sure they've secured your site. Don't allow any raw inputs to reach your database (SQL injection) or your HTML output (cross-site scripting). Preventing SQL injection isn't all that hard -- yet 11% of sites still haven't got it right.
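To make the "no raw inputs" advice concrete, here is an added example (not from the original post or from Sutton's tool) that puts a string-concatenated query beside its parameterized form and escapes values before they reach HTML. It uses Python's standard `sqlite3` and `html` modules; the table, function names and sample rows are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """Build an in-memory catalog with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("widget", 9.99, 0), ("gadget", 19.99, 0), ("unreleased", 99.0, 1)],
    )
    return db

def search_raw(db, term):
    """Weak form: the raw input is pasted into the SQL text."""
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = '" + term + "'"
    return [row[0] for row in db.execute(sql)]

def search_bound(db, term):
    """Corrected form: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ?"
    return [row[0] for row in db.execute(sql, (term,))]

def render_results(term, names):
    """Escape every value on its way into the HTML output."""
    items = "".join(f"<li>{html.escape(n)}</li>" for n in names)
    return f"<p>Results for {html.escape(term)}</p><ul>{items}</ul>"

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("raw:  ", search_raw(db, hostile))    # filter bypassed, hidden row leaks
    print("bound:", search_bound(db, hostile))  # treated as a literal name: no match
    print(render_results("<b>sale</b>", search_bound(db, "widget")))
```

A legitimate name containing an apostrophe also breaks the concatenated query with a syntax error, which is often the first visible symptom that raw input is reaching the database.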
