InformationWeek: The Business Value of Technology

Strategy: How Attackers Find and Exploit Database Vulnerabilities

Fourteen years ago, an article in Phrack magazine made history when it made what is ­believed to be the first publicized mention of SQL injection. In the years since then, SQL injection has become a common way for hackers to work their way into a database and swipe information. 

Fortunately, developers can close these security holes by baking ­security into the development process and following best practices for coding. But ­database security goes way beyond SQL injection. It includes password management, sound approaches to user provisioning and the deployment of patches in a reasonable amount of time. The arms race between malicious hackers the security community will continue. In the end, stopping these hackers at the gate requires a multipronged ­approach and constant vigilance. (S4920512)