
Expect an Attack

By Steve Jones,

Do you expect your company's network to get hacked this year? What about your SQL Servers? According to this story, most companies (94%) expect to get hacked this year. That's kind of amazing to me. It reminds me of the SPAM problems where so many people just expect to get a regular amount of SPAM mail sent to them. I think filters have really cut down on the amount of SPAM I receive, going from dozens, or even hundreds a day to just a few now that are unsolicited.

Here at SQLServerCentral, we've been attacked a few times. Our database has been the victim of SQL Injection attacks in the past, though I hope that we've closed all those holes by now. I haven't seen anything go awry recently (knock on wood), but I'm sure that we are probed or even attacked on a regular basis.

If your company has any size, I'm sure that you will be attacked sometime in the next two years. Given that it's likely that your web presence, or even any other systems exposed to the Internet in any way, will be attacked, what should you do? Penetration testing seems to be popular, but it's expensive to perform and probably limited to larger companies for the most part.

Personally I wish that more companies, especially those large ones like Microsoft and Google, would publish the issues they find in their systems on a regular basis. They can lead the way by showing smaller companies, many of them customers of these technological leaders, what is often done wrong. I'd like to see more frameworks that include detailed error testing and handling in a secure manner that might help people write better code, especially where SQL injection is concerned.

And I'd like to see a large variety of code, not just a few sample applications. There are all kinds of applications people need, and having a variety of code frameworks that are securely tested, and documented, would be a great way for people to learn.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.


Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.
