SQL Injection Exploit

by Hassib K
I read about a recent SQL Injection campaign that infected approximately 1 million web pages. Apparently, they manipulate the existing SQL query for malicious purposes. It appears that the majority of the infected web pages are from the Netherlands, although there are some US domains as well. Mary Landesman from Cisco says that the 1 million web page number may be inflated and inaccurate because they are including web pages that discuss it as well, such as the one where I found this article. She says that using a Google search result is not an accurate way of measuring the number of infected websites. The article went on to conclude that SQL injection attacks are no longer as large as they used to be and that luckily organizations are able to manage better.


I found this article to be very interesting.  I had never heard of an SQL injection exploit before and I was very excited to read about it.  It’s great to know that they have found a way to reduce the size and impact of these attacks.  I would like to learn more about these types of vulnerabilities and how we can improve them.





Higgins, K. J. (2012, January 04). Latest SQL injection campaign infects 1 million web pages. Retrieved from http://www.darkreading.com/database-security/167901020/security/attacks-breaches/232301285/latest-sql-injection-campaign-infects-1-million-web-pages.html?itc=edit_stub

Mospaw, C. (Artist). (2005). SQL injection. [Web Graphic]. Retrieved from http://www.unixwiz.net/images/sqlinjection.jpg