Does Your Website Need a Check-up?

You cringe as you open the company website and are greeted by a number of rapidly flashing images. You click and the page explodes into kaleidoscopic text that pulsates with different colors. The phone rings and your e-mail dings, but you already know what they are going to say: The company site has been hacked. This is a corporate nightmare and to think…it all could have been avoided.

There is no question that a hacker’s post can easily ruin a perfectly good day. And it never fails to amaze my clients that their 24-7 billboard to the world is so widely visible. The smallest company can be inundated by phone calls when a security breach takes place. SQL Injection is one of the many web attack mechanisms used by hackers to gain access to the data held within your database.

SQL Injection allows a hacker to pass SQL commands (statements) through a web application for execution by the backend database. If the application is not set up properly, SQL Injection attacks allow hackers to view information from the database and/or even wipe it out. Older sites that take advantage of dynamic scripting languages, such as ASP, PHP, JSP, and CGI, are especially vulnerable. A hacker merely needs a web browser, knowledge of SQL queries and creative guesswork to wreak havoc.

Although it is fairly easy to protect against SQL Injection, there are a large number of web applications that remain vulnerable. According to the Web Application Security Consortium, 9% of the total hacking incidents reported up to July 2006 were due to SQL Injection. More recent data shows that about 50% of websites are susceptible to SQL Injection vulnerabilities.
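The difference between a vulnerable lookup and a protected one, together with a small audit check, is shown in this added example (not code from the original post). It assumes Python with an in-memory SQLite database standing in for the site's backend; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return db

def lookup_concatenated(db, name):
    """Vulnerable pattern: the visitor's text becomes part of the SQL statement."""
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    """Hardened pattern: the statement is fixed and the value is bound separately."""
    return db.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()

def audit(lookup, db):
    """Check that a lookup treats form input strictly as data.

    Returns a list of findings; an empty list means the check passed.
    """
    findings = []
    # Constructed probe: a name that does not exist must never return rows.
    if lookup(db, "nobody' OR '1'='1"):
        findings.append("input changed the query logic")
    # A legitimate name with an apostrophe must not break the statement.
    try:
        lookup(db, "O'Brien")
    except sqlite3.Error:
        findings.append("apostrophe in input breaks the SQL statement")
    # Ordinary lookups must keep working after hardening.
    if len(lookup(db, "alice")) != 1:
        findings.append("normal lookup no longer returns the expected row")
    return findings

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, audit(fn, db) or "OK")
```

The same audit function can be pointed at any data-access function with this signature, which makes it usable as a regression test after a fix.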

Securing your website from SQL Injection is essential in the maintenance and upkeep of your website. While your website may appear to be functioning on the surface, a yearly audit of your website for SQL Injection and other hacking vulnerabilities can save you a world of trouble…and money in the long run.

Think of it this way: if your car didn’t get routinely inspected, how would you know if it was running properly? The same goes for your website. Dozens of new vulnerabilities surface on a daily basis, and while no one likes paying for the what-ifs, the cost of prevention can be far outweighed by the nightmare that can be caused when a site falls prey to a malicious hack.

This entry was posted on Friday, June 6th, 2008 at 9:47 am and is filed under General Communications, Web.
