June 7, 2006

Security in Web App

SQL Injection Attacks by Example

I just thought this article was well written and well worth the read. It still amazes me that after several years of knowing about SQL injection, we still see code out there that is subject to it. Using prepared statements goes a long way toward resolving the issue. I see two reasons why people still don't use them: 1) we don't know, in which case conferences like the Software Security Summit and articles like this one are good for making more and more people aware; 2) we're lazy, and we think we will not be attacked, in which case no matter how many times someone repeats it, things will not change until the app is attacked.
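To make the prepared-statement point concrete, here is an added example (not from the original post or the linked article) using Python's standard sqlite3 module and a constructed in-memory users table: the same lookup written once by building the SQL text from input and once with a bound parameter, showing that only the bound form keeps the input as data.

```python
# Added example: string-built SQL versus a parameterized query.
# The 'users' table and its rows are constructed test data.
import sqlite3


def make_db():
    """Create an in-memory database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")],
    )
    return conn


def lookup_concat(conn, name):
    """Vulnerable pattern: the caller's input becomes part of the SQL text.

    The SQL parser cannot tell where the value ends and the statement
    resumes, so a quote inside `name` changes the meaning of the query.
    """
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Safe pattern: the SQL text is fixed and `name` is bound as a value.

    The statement is compiled before the input is supplied, so the input
    is only ever compared against the column, never parsed as SQL.
    """
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def concat_breaks_on_quote(conn, name):
    """Return True if the string-built query cannot even run for this input."""
    try:
        lookup_concat(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(lookup_param(db, "O'Brien"))            # [("O'Brien", "user")]
    print(concat_breaks_on_quote(db, "O'Brien"))  # True: the quote broke the SQL
```

A legitimate value with an apostrophe is enough to show the difference: the parameterized query returns the row, while the string-built one fails with a syntax error because the input was parsed as SQL.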

