• Home
• About
• RSS
• Get in touch

SQL Injection Attacks Rule… Still…

In a new report into UK security breaches, it was found that 40% of data breaches were due to SQL injection attacks, with a further 30% being from poor server configuration an authentication. 85% of the data stolen was Payment Card information – which is readily resold in the underground economy.

As SQL injection attacks have been in the news for several years now, it is surprising that they haven’t been stopped and so are still a valid form of attack for cyber-criminals. Most of the customers I have spoken to are unaware as to whether their web applications are  vulnerable to SQL injection attacks – because they haven’t asked the companies hosting them!

So… task for the day… if you have a web based application which accepts credit card information, find out whether it has been hardened to SQL injection attacks. If you use a third party, don’t assume that they have done this – ask and don’t be fobbed off with a ‘it won’t happen to us’ answer.

Guy Bunker

comments

• Connect with us



• Get Email Updates

• Recently Posts

  • Common Criteria EAL +3 Security Certification – What’s all the fuss about?
  • Cyber crime: a real risk to global stability
  • Let’s get back to basics in 2012
  • The challenges of securing industrial control systems
  • The Power of Collaboration Against Cybercrime
  • A View from the London Conference on CyberSpace
  • Safety first when going virtual
  • #smbrisk – a great debate
  • Tainted love….remembering the love bug of 2000
  • Get social, not paranoid

• Pages

  • announcements
  • Application
  • Availability
  • backup
  • botnet
  • Cloud computing
  • Complexity
  • Compliance
  • Consumerization
  • cyber-crime
  • data centre
  • data-loss
  • Denial of service
  • disaster recovery
  • Education
  • Green IT
  • impersonation
  • Information Policy
  • Insider
  • IT equipment
  • Miscellaneous
  • misleading applications
  • Patching
  • Phishing
  • Regulation
  • Reputation
  • SaaS
  • security
  • small business
  • Social Media
  • Spam
  • Speaking
  • Storage
  • trojan
  • Uncategorized
  • Virtualization
  • Virus

• Blogroll

  • Ask Marian Consumer Security Blog
  • Bruce Schneier’s Blog
  • Con Mallon’s Symantec Consumer Blog
  • Gareth’s BE Blog
  • Get Safe Online (The Blog)
  • Gizmodo Gadget Blog
  • Jonathan Schwartz’s Blog
  • Phil Windley’s Technometria
  • Security Bloggers Network
  • Symantec French contributor - A blog from the French pen of Laurent Heslault
  • Symantec Guide to Scary Internet Stuff – Botnets
  • Symantec Guide to Scary Internet Stuff – Drive-by downloads - Video explaining the latest security threats in simple terms, on drive-by downloads
  • Symantec Guide to Scary Internet Stuff – No 5 Rogue AV
  • Symantec Guide to Scary Internet Stuff – No 6 Denial of Service Attacks
  • Symantec Guide to Scary Internet Stuff – No7 Pests on your PC
  • Symantec Guide to Scary Internet Stuff – No8 Losing your Data
  • Symantec Guide to Scary Internet Stuff – Phishing
  • Symantec Guide to Scary Internet Stuff – Underground Economy
  • Symantec podcast channel - A channel of podcasts on current security and availability topics from the experts at Symantec
  • Toby Stevens’ Data Trust Blog