SQLServerCentral is supported by Red Gate Software Ltd.
 

Expect an Attack

By Steve Jones, 2009/06/24


Do you expect your company's network to get hacked this year? What about your SQL Servers? According to this story, most companies (94%) expect to get hacked this year. That's kind of amazing to me. It reminds me of the SPAM problems where so many people just expect to get a regular amount of SPAM mail sent to them. I think filters have really cut down on the amount of SPAM I receive, going from dozens, or even hundreds a day to just a few now that are unsolicited.

Here at SQLServerCentral, we've been attacked a few times. Our database has been the victim of SQL Injection attacks in the past, though I hope that we've closed all those holes by now. I haven't seen anything go awry recently (knock on wood), but I'm sure that we are probed or even attacked on a regular basis.

If your company has any size, I'm sure that you will be attacked sometime in the next two years. Given that it's likely that your web presence, or even any other systems exposed to the Internet in any way, will be attacked, what should you do? Penetration testing seems to be popular, but it's expensive to perform and probably limited to larger companies for the most part.

Personally I wish that more companies, especially those large ones like Microsoft and Google, would publish the issues they find in their systems on a regular basis. They can lead the way by showing smaller companies, many of them customers of these technological leaders, what is often done wrong. I'd like to see more frameworks that include detailed error testing and handling in a secure manner that might help people write better code, especially where SQL injection is concerned.

And I'd like to see a large variety of code, not just a few sample applications. There are all kinds of applications people need, and having a variety of code frameworks that are securely tested, and documented, would be a great way for people to learn.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.


Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Steve Jones
Editor, SQLServerCentral.com