"SQL injection attacks are used to access data within a database in a way that was not intended by allowing clients to enter arbitrary, and often malicious, strings into open queries," explains Jack Danahy, co-founder and CTO for Ounce Labs (www.ouncelabs.com). "Typically, this abuse is restricted to the privileges associated with the user's credentials, but in some cases, Web front-ends can operate with high-level permissions, leaving the entire database and its configuration open to attack."...
SQL Injection Invasion: Weak Web Applications Increasingly Fall Prey To This Potentially Devastating Attack
Processor.com: As security measures in data centers become progressively more stringent, hackers are turning to more unique methods to access sensitive data. One of these is SQL injection, which replaced cross-site scripting as the predominant Web application vulnerability in 2008, according to an IBM study.

