And I stumbled upon an educational video on how passwords are easily cracked using commodity hardware: https://www.youtube.com/watch?v=7U-RbOKanYs

Freaked the heck out of me.

On Mon, Oct 31, 2016 at 12:18 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
Very good read.

Any/all web app developer(s) should, at the very minimum, be extremely conversant with the OWASP Top 10 and how to write code which is safe against those vulnerabilities (SQL injection is no. 1 on that list btw). 

If your web app collects financial information, I would strongly recommend your entire infrastructure is PCI DSS compliant. You don't have to get certified, just implement those provisions.

Now, if the above seems like an overkill, then ask yourself (or your boss) this: "if your server was hacked into and the entire database posted onto the web, how much damage would your organisation suffer?"





On Mon, Oct 31, 2016 at 10:09 AM, Jose Muga via skunkworks <skunkworks@lists.my.co.ke> wrote:
Good Morning,

Thought it interesting to share this link with everyone here.

http://arstechnica.com/information-technology/2016/10/how-security-flaws-work-sql-injection/

Regards
Muga.
