Deeper BPM Solutions
Blog Archive
All Tags
algorithms
android
android_os
application_security
architecture
bpm
business
business_rules
coding
cognitive_corporation
confidentiality
data
data_masking
data_security
ea
education
efficient
efficient_coding
encryption
enterprise_applications
enterprise_architecture
enterprise_architecture_framework
enterprise_systems
full_disk_encryption
information
information_systems
integrity
internet
is_management
it_leadership
java
javaone
linkedin
managing_is_projects
marketing
media
microsoft_tags
neutrality
ontology
open
open_source
optimization
oracle
personally_identifiable_information
pii
privacy
process_automation
programming
qr_codes
quality
rules
security
security_in_depth
semantic_technology
semantic_web
semantics
services
soa
software
source
sql_injection
success
system_integration
systems
testing
truecrypt
tuning
upgrade
vulnerability
web
web_services
windows_7
workflow
Our people weigh in on the issues of the day.
Blue Slate's people think a lot about the challenges facing their industries today. In the process, they often come up with completely unexpected slants on current issues, or new ways of thinking about business problems. Bluespeak is where they share those thoughts. Feel free to read and reflect.
[Any views or opinion represented in this blog are personal and belong solely to the blogger and do not represent those of Blue Slate Solutions.]
SQL Injection – Why Does Our Profession Continue to Build Applications that Support It?
SQL Injection is commonly given as a root cause when news sites report about stolen data. Here are a few recent headlines for articles describing data loss related to SQL injection: Hackers steal customer data by accessing supermarket database1, Hacker swipes details of 4m Pirate Bay users2, and Mass Web Attack Hits Wall Street Journal, Jerusalem Post3. I understand that SQL injection is prevalent; I just don’t understand why developers continue to write code that offers this avenue to attackers.
From my point of view SQL injection is very well understood and has been for many years. There is no excuse for a programmer to create code that allows for such an attack to succeed. For me this issue falls squarely on the shoulders of people writing applications. If you do not understand the mechanics of SQL injection and don’t know how to effectively prevent it then you shouldn’t be writing software.