What was the breakthrough that enabled automated SQL attacks?
In the spring of 2008, a criminal coder discovered that Microsoft SQL databases would accept JavaScript, the shorthand coding that enables cool website features. Microsoft contends in this SQL security alert that there is nothing wrong with its database products. Instead, the software giant blames sloppy coding by web application developers who write the programs that tap into the underlying databases.

This discovery touched off a gold rush by white hat, black hat and grey hat researchers to find security holes in widely used, off-the-shelf web applications. In 2008, researchers found 134% more web application vulnerabilities than in 2007. To be more precise, these were flaws that could enable the injection of JavaScript into Microsoft databases, according to IBM ISS. What’s worse, to date 74% of these recently revealed SQL security holes have no available security patch. Keep in mind those metrics apply to garden-variety web applications. Many websites use custom-made web applications