Thursday, July 17, 2008

SQL Injection

Microsoft published a security advisory (954462) on June 24, 2008, warning about the rising occurrence of SQL injection attacks. "These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database."

This morning, I found out that one of our databases was subjected to this issue, which caused the web site to fail to launch. We had to restore the data from backup.

One useful tool (also suggested in the security advisory) is HP Scrawlr, which helps web site administrators detect SQL injection vulnerabilities.
