How Prevalent Are SQL Injection Vulnerabilities? - Slashdot

Slashdot is powered by your submissions, so send in your scoop

×

How Prevalent Are SQL Injection Vulnerabilities? 245

Posted by kdawson on Thursday October 05, 2006 @12:33PM from the more-than-you-think dept.

Krishna Dagli writes to tell us of an investigation, by Michael Sutton, attempting to get an estimate of how widespread SQL-injection vulnerabilities are among Web sites. Sutton made clever use of the Google API to turn up candidate vulnerable sites. You might quibble with his methodology (some posters on the blog site do), but he found that around 11% of sites are potentially vulnerable to SQL injection attacks. He believes the causes for this somewhat alarming situation include development texts that teach programmers insecure SQL syntax, and point-and-click tools that allow the untrained to put up database-backed sites.

This discussion has been archived. No new comments can be posted.

How Prevalent Are SQL Injection Vulnerabilities?

Search 245 Comments Log In/Create an Account

Comments Filter:

The abuse of SQL injection (Score:5, Funny)

by Reality Master 201 ( 578873 ) writes: on Thursday October 05, 2006 @12:38PM (#16323417) Journal

destroys thousands of lives a year. Sure, it starts small - a SELECT there, a few INSERTS on the weekend. Eventually, though, you're using stored procedures and trying to score triggers in the middle of the night.

Just say no, kids.

Share
twitter facebook
I take one every day - It's GOOD for you (Score:0, Funny)

by Anonymous Coward writes: on Thursday October 05, 2006 @12:44PM (#16323515)

I take one every day - It's GOOD for you

Share
twitter facebook
Some kind of software checklist (Score:5, Funny)

by Realistic_Dragon ( 655151 ) writes: on Thursday October 05, 2006 @01:02PM (#16323821) Homepage

There should be some kind of government run website somewhere.

You would answer questions and it would give you license keys to software that you were qualified to use. For example, I might tick:

Engineer (check)
Artist ( )
Manager (check)
Linux (Check)
Mac ( )
Windows ( )

And it would issue keys for website point and click installation software, Vi, apache and Latex - but deny me keys to powerpoint thereby saving the lives of people who might otherwise have to gnaw off their own leg to survive my 8 hour presentation on optimising synergisyms in a web 3.0 environment by sub molecular interactions.

Share
twitter facebook
Re:Sure, blame the "untrained" developers.... (Score:3, Funny)

by CaffeineAddict2001 ( 518485 ) writes: on Thursday October 05, 2006 @01:13PM (#16324015)

This is kind of like saying we can prevent buffer overflow exploits by having the windows API not allow people to enter shellcode into textboxes.

Parent Share
twitter facebook
Re:Sure, blame the "untrained" developers.... (Score:3, Funny)

by Mister Whirly ( 964219 ) writes: on Thursday October 05, 2006 @02:26PM (#16325201) Homepage

ATM = Automatic Teller Machines

"ATM machines" = Automatic Teller Machines Machines - definitley leave it to the pros, otherwise you may screw up on your "PIN number"

(Apologies for being a pseudo-grammar Nazi)

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

413 commentsChatGPT Leans Liberal, Research Shows
347 commentsAmazon CEO Says 'It's Probably Not Going To Work Out' For Employees Who Defy Return-to-Office Policy
327 commentsHotel Owners Start To Write Off San Francisco as Business Nosedives
323 commentsChina is Building Nuclear Reactors Faster Than Any Other Country
315 commentsChina is Calling in Loans To Dozens of Countries

"May your future be limited only by your dreams." -- Christa McAuliffe