RKG Logo
Alan Rimm-Kaufman

11% of Sites Vulnerable To SQL Injection: Is Yours?

Michael Sutton wrote about a simple tool he wrote which uses Google to find sites vulnerable to SQL injection. (I wrote about SQL injection as it relates to online retailers in Catalog Success article last year.)

Sutton found 11% of the sites in his study have vulnerabilities. That’s a huge rate.

Sutton’s tool was written to assess the scope of the problem. The same technique could modified, easily, to attack sites en masse using an automated ‘bot. Scary.

Talk to your web folks. Make sure they’ve secured your site. Don’t allow any raw inputs to reach your database (SQL injection) or your HTML output (cross-site scripting).

Preventing SQL injection isn’t all that hard — yet 11% of sites haven’t got it right yet.

If you like this post, consider subscribing to our RSS feed. You can also have new posts sent to you via email.

Share this post (via email, Digg, Delicious, etc)

Similar Posts

Trackback

http://www.rimmkaufman.com/rkgblog/2006/09/27/11-of-sites-vulnerable-to-sql-injection-is-yours/trackback/

No Comments Yet

Your comment will be first!

Your Comment

We "do-follow" links in comments. This may help your search rankings. Learn more...

Email Updates

Categories

Recent Comments

  • Rachel Harper: Dear Mr. Ullman, I worked for JCpenney for almost 18 years. In the past servely months they deceied to change my job disription....
  • Harry Joiner: GREAT question. Very thought provoking. I shall steal this.
  • IM: The presentation is just amazing!
  • Alan Rimm-Kaufman: Thanks for the thoughtful comment, Mark. Do feel free to drop off some of those free video soda machines at our offices any time...
  • Pay Per Click Journal: Honestly we never thought that social networking ads really worked - that is until we saw recent data. We are surprised but...
  • Mark Pilipczuk: Excellent article and definitely worth the time to read. A few other tidbits caught my eye: * There are 150 people working on...
  • Jeff Cornejo: Maybe the business is not in the social network, but in the services that spring up around the social network...which get acquired....
  • Tad Miller: Larry, I blogged about this a few weeks ago and the press I found from E-commerce people all seemed to indicate that the gas prices...
  • Matthew: Why not use Joomla? I mean its a CMS... Wordpress really isnt its more for blogging and even Joomla can do that.
  • Truck Accessories: I sincerely hope that not too much marketing effort goes into playing on the fears surrounding this energy crisis. Not only is...
  • mike: I work for a small software company in Colorado and we're going the solar route after hearing about Google. It's a fantastic idea and I'm...
  • Matthew: When we paid for ads, we only noticed about a 10% increase in traffic from them which almost broke even
  • Mark Pilipczuk: "Befuddled" is too kind. This is rubbish, and coming from a very skilled DR-focused company, it's incredibly disappointing and a...
  • George Michie: Mike, thanks so much for your insightful comments! Gayle, you're right there are more types than these. The spotlight I wanted to...
  • Gayle Dallaston: There are many more types of affiliates than the three you mention - although unfortunately they may be the most common of the...

Blog Stats

  • Posts: 715
  • Words: 312,021
  • Comments: 1,055

Administration

Close
  • Social Web
  • E-mail
Powered by ShareThis