Occupy SQL: We are the 97%{5}


by Brian T
Most everyone at this point is familiar with groups like Anonymous and the league of imitators that try and prove their worth by exploiting websites and penetrating systems. While these actions have garnered respect and impressed feelings from some online communities, a study cited by Barclay’s lead payment security officer Neira Jones concludes that approximately 97% of data compromising cyber assaults globally are the result of SQL injections. The piece mentions that although the attack method has been in practice for over a decade, it’s actual usage is simply not acknowledged by website/database programmers – meaning that basic steps to prevent such injections are never implemented.

Picture a loophole in any form of contract. If that loophole is exploited time after time after time, and no attempt to revise the contract is ever made, the contract will begin to lose it’s integrity and purpose.

The first task that has been established to help with this loophole is the updating and improving of information security practices with coders. It is explained that the initial step in lowering the frequency of these attacks is to ensure that programmers are well-versed in generating air-tight, solid, and minimally exploitable SQL code. Once this training reduces assaults, more specialized security teams will then tackle the remaining (and more sophisticated) malicious techniques that hackers use to manipulate targeted databases.

Considering we are to learn all about SQL in the upcoming class sessions, I believe this article helps show that computer forensic experts are not always solely responsible for system breaches. Weight also rests on the programmers who should utilize safe practices in their own labors – after all, their work is fundamental and a structurally sound system starts from the bottom up. Since our generation is poised to assume these types of roles in the relatively near future, we must garner knowledge from stories like this one that will (hopefully) make us ever-so-slightly more prepared to do so.

 

Source:

Curtis, S. (2012, January 22). Avoidable attacks cause most data breaches. Retrieved from http://www.pcworld.com/article/248530/avoidable_attacks_cause_most_data_breaches.html