ADwire
The KMK Media team is a crew of design, creative, web development and media specialists who help companies communicate the right message to the right people.

Is Your Web Site Safe?

July 8th, 2008 at 09:07am Doug Burton

Web site security is a technical subject, but it can have a serious marketing and business impact, especially when you are trying to drive visitors to your site and it is down for two weeks because the data has been hacked.

Microsoft has taken the unusual step of issuing a security bulletin for something called “Rise in SQL Injection Attacks”. Although not a particularly attention-grabbing title, this is an exceptional subject for a security bulletin because it’s not about a specific Microsoft product that’s patchable, but rather coding practices in general.

“SQL Injection” is a technique used to “hack” websites, and unfortunately, a great many websites are vulnerable to it (some estimates suggest “hundreds of thousands”, but it may be many, many more). Hackers typically use automated tools to find vulnerable sites, and then “inject” malicious code that can do any number of things. In recent weeks there has been a huge surge in the volume of these attacks.

The effects range from simply adding code that causes a virus infection in a visitor’s browser, to editing or changing any content on your website or, in the extreme case, completely wiping out the website. The consequences of an attack should be pretty clear: for less extreme attacks, you may not even realise there’s a problem, but it’s more likely that the attack will cause inconvenience or embarrassment. In the extreme case, a well-crafted attack can have disastrous implications for a business-critical website, totally disabling a business or resulting in the theft of credit card data and associated financial loss.
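The coding practice at issue, shown as an added example that is not part of the original post or the Microsoft bulletin: the same page lookup written once by pasting a request value into the SQL text and once with a bound parameter. It uses Python's built-in sqlite3 module so it runs on its own; the table, column names and request values are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory site database (sample data, not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pages (id INTEGER PRIMARY KEY, slug TEXT, body TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO pages (slug, body, published) VALUES (?, ?, ?)",
        [("home", "Welcome", 1), ("about", "About us", 1), ("draft-pricing", "Internal draft", 0)],
    )
    return conn

def get_page_concatenated(conn, slug):
    """Vulnerable pattern: the request value becomes part of the SQL text itself."""
    sql = "SELECT slug, body FROM pages WHERE published = 1 AND slug = '" + slug + "'"
    return conn.execute(sql).fetchall()

def get_page_parameterized(conn, slug):
    """Hardened pattern: the SQL text is fixed and the value is sent separately as data."""
    sql = "SELECT slug, body FROM pages WHERE published = 1 AND slug = ?"
    return conn.execute(sql, (slug,)).fetchall()

# Constructed request values: one ordinary, one containing SQL syntax.
ORDINARY = "about"
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, value in (("ordinary", ORDINARY), ("crafted", CRAFTED)):
        # Concatenated: the crafted value rewrites the WHERE clause and the
        # unpublished draft comes back along with every other row.
        print(label, "concatenated  ->", get_page_concatenated(db, value))
        # Parameterized: the crafted value is compared as a literal slug and
        # matches nothing.
        print(label, "parameterized ->", get_page_parameterized(db, value))
```

When reviewing a site's code, the first function is the pattern to search for: any query assembled by joining strings with form fields, query-string values or cookies.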

Links to documentation on SQL injection and coding best practices:

SQL Server Injection Protection

Preventing SQL Injections in ASP

How To: Protect from SQL Injection in ASP.NET

Coding Techniques for protecting against SQL Injection in ASP.NET

Filtering SQL Injection from Classic ASP

Security Vulnerability Research & Defense Blog on SQL Injection Attack


Entry Filed under: other, Research, Database marketing, Tips & Tricks, Uncategorized
