How are SQL injection attacks typically carried out?
Prior to the spring of 2008, SQL attacks were done manually. The hacker would try different database queries from the browser or from pages displaying web forms, until he successfully injected code into the underlying database. These types of attacks are still done, but on a smaller scale compared with the automated SQL infection/attacks that have come on strong. Major banks and online merchants are putting up strong defenses, says Phil Neray, vice-president of security strategy at Guardium. But regional banks and credit unions, smaller online retailers, and many government agencies remain highly vulnerable to manual, targeted SQL attacks. As cited above, some 100,000 webpages of the British civil service, United Nations and U.S. Environmental Protection Agency were so hacked in spring 2008. More recently, Commerce Bank, a small Midwest bank that operates 360 branches in Missouri, Illinois and Kansas, Scarborough & Tweed, a New Hampshire-based company that sells corporate gifts o