SQL injection attacks are becoming as prolific as viruses: It seems every time you turn around, there are new reports about Web sites that have been affected by these attacks. For example, SQL injection attacks infiltrated the Department of Homeland Security's (DHS's) Web site and defaced the United Nations Web site. As SQL injection attacks become more common, you need to fully understand what you're up against so that you can properly protect your organization.
To arm yourself against SQL injection attacks, I suggest reading security expert Mark Joseph Edwards' Security Matters blog on the Windows IT Pro Web site. His blog includes several posts that not only provide information about how the latest SQL injection attack tools work (as in his blog post "SQL Injection Attack Tool Spreading"), but also discuss how to prevent such attacks on your SQL Server and Oracle systems (as in his blog post "New Tricks For SQL Injection Attacks"). I also recommend reading the following SQL Server Magazine and Windows IT Pro articles, which provide more information about how to prevent SQL injection attacks:
- Preventing SQL Injection Attack
- How to Avoid SQL Injection
- SQL Injection: The Hacker’s Gold Mine
- Potential SQL Injection Attack on Oklahoma Prison Thwarted
- SQL Injection Attacks by Example
- Defend Your Systems Against SQL Injection Attacks
To find out more about what SQL injection attacks involve, go to http://en.wikipedia.org/wiki/SQL_injection.