Many real-world examples of SQL Injection exist, and more appear to be added to the list every week. The rewards for the attacker are often good (credit card numbers, administrative access, data theft, etc.), and the level of protection offered by most development projects is still poor. Until secure development methodologies become an integral part of development lifecycles, applications will continue to be vulnerable to attacks such as SQL Injection.
Many companies fail to address application security correctly, and attackers are continually evolving SQL Injection attacks to bypass flimsy security controls. I feel SQL Injection attacks will continue to be the attackers’ choice for the remainder of 2008 and throughout 2009.
