
Tips for SQL injection protection

By Robert Westervelt, News Editor
02 Jul 2008 | SearchSecurity.com

Security Wire Daily News

Microsoft recently identified tools to help software developers, security pros and others on the software development team serve up more secure code and defend against SQL injection attacks. Over the last several months, researchers have been tracking the attacks, which appear to be automated and to use a number of hacker toolkits that can be purchased on the black market. In this podcast, Scott Matsumoto, a secure coding expert with Cigital Inc., explains the tools available and other ways companies can scan their Web-based software for errors that leave it vulnerable to attack.


  Program Links: 

  • Microsoft identifies tools to address SQL injection attacks: On the heels of a tidal wave of SQL injection attacks in recent months, Microsoft issued an advisory to identify tools that could help stave off the attacks.

  • How to apply ISO 27002 to PCI DSS compliance: The Payment Card Industry Data Security Standard may be fairly straightforward, but it's lacking in defining the processes that will ultimately lead to PCI DSS compliance.

  • Microsoft tools won't be quick fix for SQL injection attacks: Microsoft's security advisory will help raise awareness about secure software coding, but it won't stop the onslaught of SQL injection attacks, experts say.

  • New wave of SQL injection attacks alarm researchers: Researchers are uncovering a wave of SQL injection attacks, suggesting that attackers are finding it easy to compromise new targets.

  • SQL injection attack infects hundreds of thousands of websites: Security experts are watching massive numbers of automated SQL injection attacks from Chinese domains. Attackers use simple search engine queries to build a list of targets.

  • Information Security podcasts: Visit SearchSecurity's podcast archive.


