Automated SQL injection: What your enterprise needs to know

Subject: Automated SQL injection: What your enterprise needs to know
From: Gary Stoneburner <gary.stoneburner@nist.gov>
Date: Mon, 26 Jul 2004 10:07:57 -0400
Content-Type: multipart/alternative; boundary="=====================_1869812==.ALT"

re: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci995325,00.html

"SQL injection exploits may soon be as common as those targeting Windows and Unix flaws, experts say. An estimated 60% of Web applications that use dynamic content are likely vulnerable, ..."

"... A presentation of an automated attack targeting SQL injection flaws is planned for Black Hat Briefings this week in Las Vegas."

Seems that if this wasn't a problem before, the "stars are aligning" to help make it one in the future :-).

Cheers,
Gary

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************

Prev by Date: Time for another Bagle
Next by Date: Some realism from CNSS
Prev by thread: Some realism from CNSS
Next by thread: Time for another Bagle

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov