SQLAuthority News – Rise in SQL Injection Attacks Exploiting Unverified User Data Input

Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.

Mitigating Factors:

This vulnerability is not exploitable in Web applications that follow generally accepted best practices for secure Web application development by verifying user data input.
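The mitigating factor above, as an added example that is not part of the original post or the Microsoft advisory: a query built by concatenating user input, next to the same query with input verification and a bound parameter. It assumes an in-memory SQLite database so it runs stand-alone; the table, column and function names are hypothetical, and the same principle applies to SQL Server accessed from ASP.NET through parameterized commands.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category TEXT)")
    db.executemany("INSERT INTO products (name, category) VALUES (?, ?)",
                   [("Widget", "tools"), ("Gadget", "tools"), ("Ledger", "internal")])
    return db

def find_unsafe(db, category):
    # Pattern the advisory warns about: user input is concatenated into the SQL
    # text, so a quote character in the input changes the statement's structure.
    sql = "SELECT name FROM products WHERE category = '" + category + "'"
    return [row[0] for row in db.execute(sql)]

def find_parameterized(db, category):
    # The value is bound as a parameter: the driver sends it as data,
    # so it is only ever compared against the column, never parsed as SQL.
    sql = "SELECT name FROM products WHERE category = ?"
    return [row[0] for row in db.execute(sql, (category,))]

# Allow-list for this field: expected characters and a length limit.
CATEGORY_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def find_safe(db, category):
    # Verify the input first, then use the parameterized query (defense in depth).
    if not CATEGORY_RE.fullmatch(category):
        raise ValueError("invalid category")
    return find_parameterized(db, category)

if __name__ == "__main__":
    db = make_db()
    unverified = "tools' OR '1'='1"   # constructed input containing a quote
    print("unsafe, normal input:     ", find_unsafe(db, "tools"))
    print("unsafe, unverified input: ", find_unsafe(db, unverified))
    print("parameterized:            ", find_parameterized(db, unverified))
    try:
        find_safe(db, unverified)
    except ValueError as exc:
        print("verified + parameterized: rejected,", exc)
```

With the unverified input, the concatenated query returns every row, including the one outside the requested category, while the parameterized query returns nothing and the verified version rejects the value outright.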

Read more here.

Reference : Pinal Dave (http://blog.SQLAuthority.com)


3 thoughts on “SQLAuthority News – Rise in SQL Injection Attacks Exploiting Unverified User Data Input”

  1. Hi Pinal

    I am a Team Leader in one private company.
    I feel good on reading your blog.
    It is very useful to me to review the SQL once again.

    I need to know how to avoid the SQL injection through SQL.

    I made that blocking script in the ASP through RegEx, but I need to know whether that is possible in SQL. If possible, how?

    Mail to me.

    Help me please!

    Thanks in advance!!!
