SQL injection attacks have been going on for years, and the vulnerabilities and exploitation techniques are well understood and widely discussed. However, they’re still quite prevalent and are used in a variety of scenarios. One recent example is the attack on a Yahoo site that resulted in a breach of 450,000 usernames and passwords. In this video, Ryan O’Boyle of Veracode discusses the nature of SQL injection attacks and how to defend against them.

Categories: Data Breaches, Vulnerabilities, Web Security

Comments (5)

  1. Mark

    I also suggest that sensitive database columns are encrypted as another layer of defence so that even if an injection attack is successful an attacker can only read ciphertext.

     
