SQL Injection Attacks

Published 30 May 08 03:12 PM | Buck Woody 

You might have read recently that there have been ongoing SQL injection attacks against vulnerable web applications occurring over the last few months.  These attacks have received recurring attention in the press as they pop up in various geographies around the world. These attacks do not leverage any SQL Server vulnerabilities or any un-patched vulnerabilities in any Microsoft product – the attack vector is vulnerable custom applications. In fact, SQL Injection is a coding issue that can attack any database system, so it's a good idea to learn how to defend against them.

 

In order to help you respond to and defend yourself from these attacks, Microsoft has an authoritative blog including talking points and guidance.  You can find this at http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx

Comments

# Steve Kass » Read this if you serve up web pages from SQL data said on May 30, 2008 8:07 PM:

PingBack from http://stevekass.com/2008/05/31/read-this-if-you-serve-up-web-pages-from-sql-data/

# Aaron Bertrand said on May 30, 2008 11:49 PM:

Fellow MVP Steve Kass and Microsoft's Buck Woody have some links and advice about preventing SQL injection

# Tony Rogerson's ramblings on SQL Server said on May 31, 2008 5:02 AM:

I cannot emphasise enought the importance of understanding the absolute basic security principles when

# SQL Server Security, Performance & Tuning (SSQA.net) said on May 31, 2008 5:22 PM:

One of the biggest threats in IT industry & Database world is unprecedented attacks aka most commonly

# SQL Server Knowledge Sharing Network (SqlServer-qa.net) said on May 31, 2008 5:24 PM:

One of the biggest threats in IT industry & Database world is unprecedented attacks aka most commonly

Anonymous comments are disabled

About Buck Woody

http://www.buckwoody.com
Page view tracker