(This post is brought to you today by the letter A).

This weekend, I took a hiatus from the computing world and headed down to the family lake house. Time to get ready for summer and clean out all the junk!

Well, not junk, but lots of ladybugs for some reason.

When we arrived home yesterday, I caught up on my personal email, and noticed that someone posted a comment to my personal blog. Like this blog, when someone comments, I get excited since I’m never sure if anyone is reading. (Please leave comments, it makes me feel useful. Just like all the characters in Sodor want to be.) The comment in particular was an attempt to run a SQL Injection attack against my blog software.

Thankfully, it appears that my blog software caught this intrusion, but it left a nice record in my email. Here’s what it looks like when someone (or a bot) tries to attack a field.

Bill364367′,’396455billy@msn.com’,”,’′,’2008-03-08 11:08:05′,’2008-03-08 11:08:05′,”,’0′,’lynx’,’comment’,’0′,’0′),(‘0’, ”,”, ”, ”, ‘2008-03-09 11:08:05’, ‘2008-03-09 11:08:05’, ”, ‘spam’, ”,’comment’, ‘0’,’0′ ) /* (IP: , titania.nameremovedtoprotect.com)

Names & IPs changed to protect the silly.

So the question is, is YOUR code vulnerable to this type of attack? When is the last time you had an application penetration test or code review performed on your custom code? VeriSign has seen quite an up tick in interest around these services (which we happily provide), though it still seems that most companies really miss the importance of this type of security review. Either it is easily dismissed as too expensive, or companies want to review every piece of code they can get their hands on (vs. a methodical and targeted approach to key apps and an overhaul of the SDLC).

This post originally appeared on BrandenWilliams.com.

Possibly Related Posts: