How Prevalent Are SQL Injection Vulnerabilities?
Krishna Dagli writes to tell us of an investigation, by Michael Sutton, attempting to get an estimate of how widespread SQL-injection vulnerabilities are among Web sites. Sutton made clever use of the Google API to turn up candidate vulnerable sites. You might quibble with his methodology (some posters on the blog site do), but he found that around 11% of sites are potentially vulnerable to SQL injection attacks. He believes the causes for this somewhat alarming situation include development texts that teach programmers insecure SQL syntax, and point-and-click tools that allow the untrained to put up database-backed sites.
The abuse of SQL injection (Score:5, Funny)
Just say no, kids.
I take one every day - It's GOOD for you (Score:0, Funny)
I take one every day - It's GOOD for you
Some kind of software checklist (Score:5, Funny)
You would answer questions and it would give you license keys to software that you were qualified to use. For example, I might tick:
Engineer (check)
Artist ( )
Manager (check)
Linux (Check)
Mac ( )
Windows ( )
And it would issue keys for website point and click installation software, Vi, Apache and LaTeX - but deny me keys to PowerPoint, thereby saving the lives of people who might otherwise have to gnaw off their own leg to survive my 8-hour presentation on optimising synergisms in a web 3.0 environment by sub molecular interactions.
Re:Sure, blame the "untrained" developers.... (Score:3, Funny)
"ATM machines" = Automatic Teller Machines Machines - definitely leave it to the pros, otherwise you may screw up on your "PIN number".
(Apologies for being a pseudo-grammar Nazi)