Mavituna Security has a nice post up on SQL Injection. They give a brief history of SQL injection and the three common mistakes that enable it. They have some astounding facts. Here's a small sampling:
- In 2012, 97% of all data breaches world wide were SQL injection attacks.
- In one month, from the end of 2011 to early 2012, over 1,000,000 sites were successfully attacked with SQL injection.
- SQL injection has remained in the top 10 list of vulnerabilities compiled by the Open Web Application Security Project.
I've written several times before about SQL injection. Every time it's because some new article has astounded me that this attack is still possible. Mavituna is promising further articles on the technical aspects of SQL injection and how to avoid falling prey to it. Be sure to check back or sign up for their RSS feed.