SQL Injection, a problem that is avoidable

by Willen L
In this article the author talks about SQL injection: it has been around for more than a decade, yet many companies do not know how to deal with it or are not even implementing solutions to fix this widespread problem. SQL injection is a code injection technique that exploits a vulnerability in a website's software, where arbitrary data is inserted into code that is executed by a database, thus compromising the database. Hackers can use this information for identity fraud, which costs the US 4.7 billion every year. Knowing this, Microsoft has been giving programmers tips on how to protect against SQL injection since 2005, but it hasn't made much of a difference. The author states that this problem is going to grow with how fast technology moves and with the number of people in the world in the future. It's up to the individual companies' IT managers to step in and assess their systems to determine whether they are vulnerable, and to make security improvements to prevent attacks. The author states that if companies take the necessary precautions, they can prevent 87% of attacks. The scary thing is that it generally takes about 6-8 months for a company to realize that its database has been breached…
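The following is an added example, not taken from the article or from this post, showing the coding pattern the summary describes next to the parameterized form that avoids it. Python's built-in `sqlite3` stands in for a site's database; the table, column names and sample values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data (hypothetical table and values).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, ssn TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "000-00-0001"), ("bob", "000-00-0002"),
         ("carol", "000-00-0003"), ("O'Brien", "000-00-0004")],
    )
    return db

def lookup_concatenated(db, name):
    # Weak: the input is spliced into the SQL text, so the database
    # parses whatever the user typed as part of the statement.
    query = "SELECT name, ssn FROM customers WHERE name = '" + name + "'"
    try:
        return db.execute(query).fetchall()
    except sqlite3.Error:
        return None  # input broke the statement's syntax

def lookup_parameterized(db, name):
    # Hardened: the ? placeholder binds the input as a value only;
    # it is never parsed as SQL.
    query = "SELECT name, ssn FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def compare(db, name):
    """Row counts (concatenated, parameterized); None means a SQL error."""
    weak = lookup_concatenated(db, name)
    safe = lookup_parameterized(db, name)
    return (None if weak is None else len(weak), len(safe))

# Constructed inputs: a normal name, a string that rewrites the WHERE
# clause, and a legitimate name containing an apostrophe.
SAMPLE_INPUTS = ["alice", "x' OR '1'='1", "O'Brien"]

if __name__ == "__main__":
    db = make_db()
    for value in SAMPLE_INPUTS:
        print(repr(value), compare(db, value))
```

The concatenated lookup returns every row for the second input and fails outright on the third, while the parameterized lookup treats both as plain names.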

I thought this article was interesting because I wonder why SQL injection is still a problem even after 10 years; considering how fast technology is moving, I think that is a very long time. I think the problem is that the training and resources that companies have are not enough to effectively prevent attacks. That is why most of the hackers target small popular websites, which might not have the resources to prevent attacks.

Curtis, S. (2012 January). Avoidable Attacks Cause Most Data Breaches. PCWorld. Retrieved February 20, 2012, from http://www.pcworld.com/article/248530/avoidable_attacks_cause_most_data_breaches.html