actually hints at an application-level
vulnerability. There's no SQL to inject at
either IIS or Apache.
SQL injection vulnerabilities are most common
in PHP and old-style ASP (i.e. not ASP.NET)
applications. Especially PHP with variable
interpolation and an early culture of not
supporting parameters in db libraries is a
liability. So much so that several products
based upon made their vendors make the
top 10 list of most vulnerable vendors.
Both PHP and old-style ASP still make it a
pain to use parameterized statements compared
to synthesized (and often vulnerable)
statements, thus luring incompetent and
amateurish developers down the wrong path.
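
The contrast the comment draws between synthesized and parameterized statements, as an added example that is not part of the original comment. It assumes PHP with the pdo_sqlite extension; the table, function names and inputs are constructed for illustration.

```php
<?php
// Added example, not from the original comment. Assumes the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Synthesized statement: the value is interpolated into the SQL text,
// so the database parses it as part of the query.
function find_user_interpolated(PDO $db, string $name): array
{
    $sql = "SELECT id, name, role FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized statement: the SQL text is fixed and the value is bound
// separately, so it is only ever compared as data.
function find_user_parameterized(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary name, a name containing a quote, and a
// value that alters the WHERE clause when interpolated.
$inputs = ["alice", "o'brien", "x' OR '1'='1"];
foreach ($inputs as $input) {
    try {
        $n = count(find_user_interpolated($db, $input));
        $interp = "$n row(s)";
    } catch (PDOException $e) {
        $interp = 'SQL error';
    }
    $param = count(find_user_parameterized($db, $input)) . ' row(s)';
    printf("%-16s interpolated: %-10s parameterized: %s\n", $input, $interp, $param);
}
```

The interpolated version breaks on a legitimate name containing a quote and returns every row for the third input, while the parameterized version treats all three purely as values to compare.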




