1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Why does SQL injection still exist?

Discussion in 'Network World' started by RSS, Jul 31, 2015.

  1. RSS

    RSS New Member Member

    After having spent the last two weeks in Asia I find myself sitting in a hotel room in Tokyo pondering something. I delivered a few talks in Singapore and in Manila and was struck by the fact that we’re still talking about SQL injection as a problem.

    So, what is SQL injection you might ask. This is a method to attack web applications that have a data repository. The attacker would send a specially crafted SQL, or structured query language, statement that is designed to cause some malicious action. These statements are successful too often as many web applications do not sanitize their inputs.

    MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers

    The OWASP Top Ten is a collection of vulnerabilities that are of particular note. The problem that jumps out at me is that SQL injection has been on this list for the better part of a decade. Why does this continue to be the case? Well, there are contributing factors to be certain. One of which is the time to market issue which will most likely never be dealt with from a security perspective.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page