Microsoft recently identified tools to help software developers, security pros and others on the software development team serve up more secure code and defend against SQL injection attacks. Over the last several months, researchers have been tracking the attacks, which appear to be automated and use a number of hacker toolkits that can be purchased on the black market. In this podcast, Scott Matsumoto, a secure coding expert with Cigital Inc., explains the tools available and other ways companies can scan their Web-based software for errors that leave it vulnerable to attack.
Tips for SQL injection protection:
Microsoft identifies tools to address SQL injection attacks: On the heels of a tidal wave of SQL injection attacks in recent months, Microsoft issued an advisory to identify tools that could help stave off the attacks.
How to apply ISO 27002 to PCI DSS compliance: The Payment Card Industry Data Security Standard may be fairly straightforward, but it's lacking in defining the processes that will ultimately lead to PCI DSS compliance.
Microsoft tools won't be quick fix for SQL injection attacks: Microsoft's security advisory will help raise awareness about secure software coding, but it won't stop the onslaught of SQL injection attacks, experts say.
New wave of SQL injection attacks alarm researchers: Researchers are uncovering a wave of SQL injection attacks, suggesting that attackers are finding it easy to compromise new targets.
SQL injection attack infects hundreds of thousands of websites: Security experts are watching massive numbers of automated SQL injection attacks from Chinese domains. Attackers use simple search engine queries to build a list of targets.
Information Security podcasts: Visit SearchSecurity's podcast archive.