
this is getting tedious
Why is it that so many alleged professionals have so much trouble blocking such a simple attack? This is getting beyond a joke now. What's _wrong_ with them? Why, at this late date, does this still happen? Why?
Yet another mass compromise is hitting poorly configured websites, and at least one of the afflicted is a security site that plays up its prowess in warding off the very type of attack it has been smitten by. At least 17 pages on idera.com were hit by a quick-moving SQL injection attack on Friday, including one titled “ …
The reason is how easy PHP is. Anybody can learn it and think he masters it in less than a month. Imagine the websites he creates, the scripts, etc.
Second reason: open source. When a large application like WordPress is open source, hackers can analyze it to find bugs. It's a lot quicker than black-box testing. Proprietary solutions are harder to crack, provided that the developers test them properly first, or hire some pentesters.
I know. I work for a hoster; we get blamed because the end users and their developers think our platform is insecure and can't/won't believe their code is the culprit.
When I investigate these claims it makes me weep when I see their data access code, or the code that manages file uploads and the like.
Part of the problem is that - in any language - it's easier to write something like connection.execute("SELECT a,b,c FROM d WHERE username='" + form.username + "'") than to set up and execute a properly validated and formatted stored procedure call.
For newbie developers - fresh out of primary school and deploying their first web2.0 project - finding simple best-practice recipes is also tough, and until you've been burnt it's hard to realise why it's so important.
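As an added example (not code from the thread or from any of the sites mentioned), here is the string-concatenation pattern the post describes next to its parameterised equivalent, run against a small in-memory SQLite table; the table, user names and inputs are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for a site's user table.
SAMPLE_USERS = [("alice", "alice@example.invalid"),
                ("bob", "bob@example.invalid"),
                ("o'brien", "obrien@example.invalid")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn

def lookup_concat(conn, username):
    """The pattern from the post: the form value is pasted into the SQL text,
    so the database cannot tell where the query ends and the data begins."""
    sql = "SELECT username, email FROM users WHERE username='" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_param(conn, username):
    """Hardened form: the SQL text is fixed and the value is bound separately,
    so a quote character in the input is just a character."""
    sql = "SELECT username, email FROM users WHERE username=?"
    return conn.execute(sql, (username,)).fetchall()

def demo():
    conn = make_db()
    results = {}
    # A legitimate name containing an apostrophe: concatenation produces
    # malformed SQL, the parameterised query simply finds the row.
    try:
        results["concat_apostrophe"] = lookup_concat(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        results["concat_apostrophe"] = "error: " + str(exc)
    results["param_apostrophe"] = lookup_param(conn, "o'brien")
    # Input that closes the quoted string and adds its own condition:
    # concatenation returns every user, the parameterised query matches none.
    tautology = "x' OR '1'='1"
    results["concat_tautology"] = lookup_concat(conn, tautology)
    results["param_tautology"] = lookup_param(conn, tautology)
    return results
```

The same mistake and the same fix apply to any driver that accepts bound parameters; the stored-procedure route the post mentions is one more way to keep the query text fixed.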