Yesterday it was reported that BusinessWeek had been infected with malware via an SQL injection attack.

[begin Mom lecture]

Remember when we talked about PCI DSS being a good idea for everyone, even though it's just a requirement for the payment card industry? If I've told you once, I've told you a million times: safer is better, more protection never hurts.

[end Mom lecture]

The coolest thing about the web is that, unlike being a mom with one teenager left in the house, I don't have to actually repeat myself. I can just link to it again...and again...and again.

Interestingly, the aforementioned report indicates that "Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts are still present and active on their site."

Why would that be? Perhaps because it takes time to find and fix the code responsible, and then actually deploy the fix into production. This is one of the scenarios in which a web application firewall or an application delivery platform could be of assistance, as either could be quickly and easily configured to strip the offending scripts from all responses, giving developers the time they need to address the problem in the application.
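To make that stopgap concrete, here is an added example (not from the original report and not any vendor's product code): a WSGI middleware that removes external `<script>` tags whose host is not on an allowlist from HTML responses and logs each one it strips. The host names, the allowlist and the class and function names are constructed assumptions.

```python
import re
from urllib.parse import urljoin, urlparse

# Assumption: hosts this site legitimately loads scripts from (constructed values).
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "static.example.com"}

# An external <script> tag (quoted or bare src) plus its closing tag, if present.
SCRIPT_RE = re.compile(
    r"""<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))[^>]*>"""
    r"""(?:.*?</script\s*>)?""",
    re.IGNORECASE | re.DOTALL,
)

def strip_foreign_scripts(html, site_host="www.example.com"):
    """Return (cleaned_html, removed_srcs); off-allowlist external scripts are dropped."""
    removed = []
    def _filter(match):
        src = next(g for g in match.groups() if g is not None).strip()
        # Resolve relative and protocol-relative URLs against the site itself.
        host = urlparse(urljoin(f"https://{site_host}/", src)).hostname or ""
        if host in ALLOWED_SCRIPT_HOSTS:
            return match.group(0)
        removed.append(src)  # kept for logging: every hit points at injected content
        return ""  # fail closed: unknown or unparseable sources are removed
    return SCRIPT_RE.sub(_filter, html), removed

class ScriptStripMiddleware:
    """WSGI wrapper: buffers text/html responses and filters them before sending."""
    def __init__(self, app, log=print):
        self.app, self.log = app, log

    def __call__(self, environ, start_response):
        captured = {}
        def _capture(status, headers, exc_info=None):
            captured["status"], captured["headers"] = status, headers
        body = b"".join(self.app(environ, _capture))
        headers = captured["headers"]
        is_html = any(k.lower() == "content-type" and v.lower().startswith("text/html")
                      for k, v in headers)
        if is_html:
            text, removed = strip_foreign_scripts(body.decode("utf-8", "replace"))
            for src in removed:
                self.log(f"stripped script src={src!r} path={environ.get('PATH_INFO')}")
            body = text.encode("utf-8")
            # The body length changed, so the original Content-Length is no longer valid.
            headers = [(k, v) for k, v in headers if k.lower() != "content-length"]
            headers.append(("Content-Length", str(len(body))))
        start_response(captured["status"], headers)
        return [body]
```

The log lines double as a list of affected pages for the developers; the injection flaw itself still has to be fixed in the application.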


Related reading:

White Paper: SQL Injection Evasion Detection

Article: Preventing SQL Injections
