2008 was year of the SQL injection attack: IBM

February 2, 2009

[From Network World]

The year 2008 can be viewed as the year of the SQL injection attack, according to IBM's Internet Security Systems "X-Force 2008 Trend Statistics" report issued Monday.

"SQL injection, in particular, took off in 2008," says X-Force researcher Tom Cross, noting that the annual trend report concludes that 55% of all vulnerability disclosures made by vendors affected Web applications, a number that does not include custom-developed Web applications. Of those vulnerability disclosures, SQL injection-related vulnerabilities jumped 134% to replace cross-site scripting as the predominant type of Web application vulnerability last year.

The article continues at http://www.networkworld.com/news/2009/020209-sql-injection-attack.html?hpg1=bn