# Monday, 02 July 2007

If you're a programmer who deals with databases, you OWE it to yourself to know what SQL Injection is.

SQL Injection is not a new attack; just check out this 3-year-old article talking about it.

SQL Injection affects ANY type of data access code. It's not a problem that's specific to MS development platforms, because it is caused by bad coding practices.

SQL Injection is RIDICULOUSLY EASY to protect against (compared to HTML, XSS injection, etc. etc.), but it seems most programmers have no idea how to do it.

If you're a programmer, you owe it to yourself to Google SQL Injection NOW!

Here are some more reference links.

- In the context of ASP.Net
- In the context of MS SQL Server

