Curious about the trend in SQL injection exploit attempts. Are they growing? Just read an article claiming they've increased one hundred fold in the past year alone.

I believe you need really poor coding skills in order for your site to still be vulnerable for this kind of attack...

Unfortunately, way too many end users outsource their coding to developers, who later disappear. My question wasn't really about successful exploits, rather about the trend of attempted exploits.

We see them daily, but I don't see them as being an increase in attempts (at least from what we see on our own network). Now successful SQL Expoits I'll have to say has decreased a lot within our network but then we're constantly prodding at users who are running old software and not maintaining things.

about 6 months to a year ago a bunch of our clients faced sql injection problems. We havent noticed too many since then, as all of our clients upgraded their code.

Yeah i think its about the same - scripts are getting newer and newer and developer uses modern solutions so in most cases they dont even need to be aware of sql-injection possibility to be protected by it - take PDO extension for example - used right frees you from escaping input data

Yeah, some clients decided to change and upgrade their codes because of the problems they encountered like sql injection.

So no one thinks they've increased dramatically? Quite a contrast to the stats quoted in the article.

Could you please post a link to the article you are talking about?

This was from an article written by Art Wittman called, "The Fastest-Growing Security Threat," in the Information Week magazine, Nov 9, 2009 - page 70.

Thanks! Found the article.

Took me a few minutes to leaf through all the magazines I have all over my desk. Glad to help.