
Published on February 3rd, 2020


Are Your Applications and Website Secure?



I recently read an article about the fastest growing security threat in the hosting industry. It contends that this threat has grown over a hundredfold in just the last year alone, so I put that claim to the test and created a poll on a web hosting forum. Turns out, it is a real security threat, just not on that scale - maybe tenfold. LOL What is it?

SQL Injection

Why have SQL injection attempts grown so dramatically? It was pointed out, and I agree, that it is because the bad guys are using (very sophisticated) automated tools. More and more, we're seeing attempts that are not merely disruptive but focused on identity theft. Anyone remember Heartland Payment Systems and TJX?

Who is Susceptible?

Certainly, if you're processing lots of credit cards, you need to guard against this exploit, but even if you aren't, this needs to be addressed. I did a quick Google search for SQL injection prevention and stumbled upon a Cheat Sheet at Owasp.org. Since most SQL injection exploits are due to lax coding and poor application design practices, prevention measures like those outlined on this site can significantly reduce your risk of being compromised.





From Owasp.org

"SQL Injection flaws are introduced when software developers create dynamic database queries that include user supplied input. To avoid SQL injection flaws is simple. Developers need to either:

a) stop writing dynamic queries; and / or

b) prevent user supplied input which contains malicious SQL from affecting the logic of the executed query."
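The two options in the quote above, shown side by side as an added example (not code from the original article or from OWASP): a dynamic query built by concatenation next to a parameterized one, run against an in-memory SQLite database. The table, column and function names and the sample rows are constructed for illustration; the example also goes one step further and covers a sort column, which cannot be bound as a parameter and is handled with an allow-list.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [("alice@example.com", "4242"), ("bob@example.com", "1881"), ("carol@example.com", "0005")],
    )
    return db

def lookup_dynamic(db, email):
    # VULNERABLE: user input is concatenated into the SQL text, so it can change the query's logic.
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, email):
    # Fixed query text; the driver binds the value, so it is only ever compared as data.
    return db.execute(
        "SELECT email, card_last4 FROM customers WHERE email = ?", (email,)
    ).fetchall()

# Identifiers (column names, sort direction) cannot be bound as parameters,
# so map the user's choice through an allow-list instead of concatenating it.
SORT_COLUMNS = {"email": "email", "id": "id"}

def list_sorted(db, sort_key):
    column = SORT_COLUMNS.get(sort_key)
    if column is None:
        raise ValueError("unsupported sort key")
    return [row[0] for row in db.execute(f"SELECT email FROM customers ORDER BY {column}")]

if __name__ == "__main__":
    db = make_db()
    hostile = "nobody@example.com' OR '1'='1"  # constructed input containing SQL syntax
    print("dynamic:      ", lookup_dynamic(db, hostile))        # every row comes back
    print("parameterized:", lookup_parameterized(db, hostile))  # no rows
    print("legit lookup: ", lookup_parameterized(db, "bob@example.com"))
```

When reviewing an existing code base, any query string assembled with `+`, `%` or an f-string from request data is the pattern to look for and replace.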

Source by Steve Bloemer



