SQL Server, Analytics, .Net, Machine Learning, R, Python
Mitch Wheat has been working as a professional programmer since 1984, graduating with an honours degree in Mathematics from Warwick University, UK in 1986. He moved to Perth in 1995, having worked in software houses in London and Rotterdam. He has worked in the areas of mining, electronics, research, defence, financial, GIS, telecommunications, engineering, and information management. Mitch has worked mainly with Microsoft technologies (since Windows version 3.0) but has also used UNIX. He holds the following Microsoft certifications: MCPD (Web and Windows) using C#, and SQL Server MCITP (Admin and Developer). His preferred development environment is C#, .Net Framework and SQL Server. Mitch has worked as an independent consultant for the last 10 years, and is currently involved with helping teams improve their Software Development Life Cycle. His areas of special interest lie in performance tuning
Tuesday, March 20, 2007
Test Your Apps for SQL Injection Attacks
Do you test your applications for SQL injection vulnerabilities? I came across a nice round-up of possible attacks here: SQL Injection Cheat Sheet. It has a nice reference section.
About a year and a half ago, I was going to submit some of my photographs to a stock library based in Queensland, Australia, and on a whim I decided to try a very basic SQL injection to see how secure this site would be with my financial details. It didn't pass! I contacted the owner/maintainer and told him about the problem. One year later, I checked back to see if it had been fixed. It had not. Needless to say, I don't list any photos with them!