Australia's Leading Computer Emergency Response Team

Useful information regarding the recent and ongoing SQL injection attacks
Date: 03 June 2008
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9387


You may have heard of or read articles recently about the rise in SQL injection attacks, which have become more severe over the last few months. Website owners who fall victim to these attacks are often left wondering how a remote attacker was able to edit their database, and are even more frustrated by the code the attackers inject, which can infect their customers with malware.

Resources regarding these attacks were rare when they first appeared on our radar; however, our friends at Microsoft have compiled a number of articles to help those who are affected by, or simply interested in, these injection attacks:

Microsoft Security Vulnerability Research & Defence Blog
Internet Information Services Blog
Neil Carpenter on SQL Parameterized Queries
Michael Howard's How SDL Handles This Issue
MSDN Article On Classic ASP
MMPC Malware Article

Although these attacks are becoming more common, there is some relief available in software packages like GreenSQL. This is an open source firewall package designed especially to protect databases from SQL injection attacks. To learn more about GreenSQL please visit their website.

-- Paul