Very good read. Any/all web app developer(s) should, *at the very minimum*, be extremely conversant with the OWASP Top 10 <https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet> and how to write code which is safe against those vulnerabilities (SQL injection is no. 1 on that list btw). If your web app collects financial information, I would strongly recommend your entire infrastructure is PCI DSS <https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss> compliant. You don't have to get certified, just implement those provisions. Now, if the above seems like an overkill, then ask yourself (or your boss) this: "*if your server was hacked into and the entire database posted onto the web, how much damage would your organisation suffer?"* On Mon, Oct 31, 2016 at 10:09 AM, Jose Muga via skunkworks < skunkworks@lists.my.co.ke> wrote:
Good Morning,
Thought it interesting to share this link with everyone here.
http://arstechnica.com/information-technology/2016/ 10/how-security-flaws-work-sql-injection/
Regards Muga.
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke