Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Network Perimeter Scanning | Main | Management Issues in Full Disk Encryption »

Grim Mid-Year Security Reports

NetworkWorld is getting a jump on IBM Internet Security Systems "Midyear Trend Statistics" due out this week and reporting that the major commercial vendors (Apple, Cisco, IBM, Oracle, and Sun) are joined by open source content management projects Drupal, Joomla and WordPress. SQL injection attacks continue to be a serious problem.

The article also discusses Websense's mid-year report that finds:

Sixty percent of the of 100 most-popular Web sites have been hosting malicious code or inadvertently distributing it," says Stephan Chenette, manager of the Websense Security Labs

This fits with Fortify's findings in its open source study released earlier this week which found 15,612 SQL injection vulnerabilities in 11 popular open source applications.

Relational databases are ideal data stores for many applications but we can no longer deploy applications written to an "Introduction to SQL" level of understanding. For more on SQL injection attacks and how to avoid them, check out this podcast.

Tags:                      
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on July 29, 2008 8:18 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/800

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net