Slashdot Mirror


How Prevalent Are SQL Injection Vulnerabilities?

Krishna Dagli writes to tell us of an investigation, by Michael Sutton, attempting to get an estimate of how widespread SQL-injection vulnerabilities are among Web sites. Sutton made clever use of the Google API to turn up candidate vulnerable sites. You might quibble with his methodology (some posters on the blog site do), but he found that around 11% of sites are potentially vulnerable to SQL injection attacks. He believes the causes for this somewhat alarming situation include development texts that teach programmers insecure SQL syntax, and point-and-click tools that allow the untrained to put up database-backed sites.

2 of 245 comments

  1. Re:The abuse of SQL injection by caffeinatedOnline · Score: 0, Offtopic

    Offtopic? I think not! If I had some mod points, you, my friend, would be getting some +1 funny for that.

    --
    The sky above the port was the color of television, tuned to a dead channel...
  2. Re:Sure, blame the "untrained" developers.... by smoker2 · Score: 0, Offtopic

    Any server which has telnet running is in far more danger than just SQL injection exploits.