Auditing for SQL Injection vulnerabilities is critical

Hackers are concentrating their efforts on web sites: 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking.

SQL Injection

SQL injection is a hacking technique which attempts to pass SQL commands through a web application for execution by a backend database.

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.

To learn how Acunetix can help you audit your website for SQL Injection vulnerabilities go directly to “How to check for SQL injection vulnerabilities“.

Recent Statistics

Since January 2006, Acunetix has been offering a free automated web scan for qualifying websites. Out of a total of 10,000 applications, Acunetix has scanned 3,200 sites belonging to either businesses or non-commercial entities.

We found that 50% of the websites with instances of high vulnerabilities were susceptible to SQL Injection while 42% of these websites were prone to Cross Site Scripting. Other serious vulnerabilities include Blind SQL Injection, Cross Site Scripting, CRLF Injection and HTTP response splitting, as well as script source code disclosure.

Read the full article “What is SQL Injection?” for more information or download Acunetix WVS to see how you can combat SQL Injection.