September 18, 2013

SQLi still Alive and Kicking

Recently, Veracode published a compelling infographic on the true costs of a data breach.

According to the graphic, 30% of data breaches are caused by SQL Injection. How is that still possible? SQL Injection was solved 10 years ago with the introduction of the positive security model in Web Application Firewalls and with proper code audits. Sadly, we still see major data breaches caused by this dated attack vector, for the following reasons:

  • Misinformed security officers, who are led to believe that signature-based technologies such as IPS would stop SQL Injection. In a previous article we explored the differences between an IPS and a WAF and why SQL Injection still prevails.
  • The classic “I’m a small shop, no one targets me” misconception, which leads unaware business owners to believe that SQL Injection and other web attacks are always targeted, or worse, only targeted at big companies. Credit card data stored in a small mom-and-pop shop’s database has the same value as data stored in a large bank’s database.
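To make concrete what “proper code audits” and the “positive security model” mentioned above look for, here is an added example (not code from the original post or from Veracode): a query built by string concatenation, the same lookup with a bound parameter, and an allowlist check that accepts only what a username may legitimately contain. The table, the two sample users and the probe string `x' OR '1'='1` are all constructed for the demonstration; the function names are assumptions.

```python
import re
import sqlite3

# Constructed sample database: an in-memory SQLite table with two users.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # The finding an audit flags: the query is assembled by concatenation,
    # so whatever the caller supplies is parsed as SQL syntax, not as a value.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # The fix: a bound parameter. The driver sends the value separately from
    # the statement text, so input is only ever compared as data.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Positive security model: describe what is allowed (lower-case letters,
# digits, underscore, 1-32 chars) and reject everything else. This policy is
# an assumption for the example; a real application derives it from its own
# username rules.
USERNAME_PATTERN = re.compile(r"[a-z0-9_]{1,32}")


def is_valid_username(username: str) -> bool:
    return USERNAME_PATTERN.fullmatch(username) is not None


def lookup_user_hardened(conn: sqlite3.Connection, username: str) -> list:
    # Defence in depth: allowlist validation at the boundary (what a WAF with a
    # positive model enforces) plus parameterization at the query itself.
    if not is_valid_username(username):
        raise ValueError("username rejected by input policy")
    return lookup_user_parameterized(conn, username)


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"  # constructed probe: a value no real username contains
    print("concatenated query, probe input:", lookup_user_vulnerable(db, probe))
    print("parameterized query, probe input:", lookup_user_parameterized(db, probe))
    print("allowlist accepts 'bob':", is_valid_username("bob"))
    print("allowlist accepts probe:", is_valid_username(probe))
```

Run against the constructed table, the concatenated version returns both users for the probe (the `WHERE` clause became a tautology), the parameterized version returns nothing, and the allowlist rejects the probe before any query runs. In a code audit, the concatenation pattern in `lookup_user_vulnerable` is the thing to grep for; the allowlist is the boundary check a positive-model WAF applies without needing a signature for every payload variant.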

Where can I learn more?

  1. “What the IPS Didn’t See” article, here
  2. “The Future of Web Security” article, here
