The World Wide Web is one of the most important ways for an organization to publish information, interact with Internet users, and establish an e-commerce/e-government presence. However, if an organization is not rigorous in configuring and operating its public Web site, it may be vulnerable to a variety of security threats. Although the threats in cyberspace remain largely the same as in the physical world (e.g., fraud, theft, vandalism, and terrorism), they are far more dangerous as a result of three important developments: increased efficiency, action at a distance, and rapid technique propagation.
The class of vulnerabilities known as SQL injection continues to present an extremely high risk in the current network threat landscape. SQL injection has been ranked as one of the top risks on the MITRE Common Weakness Enumeration (CWE)/SANS Top 25 Most Dangerous Software Errors list (https://www.sans.org/top25-software-errors). Exploitation of these vulnerabilities has been implicated in many recent high-profile intrusions. Although there is an abundance of good literature in the community about how to prevent SQL injection vulnerabilities, much of this documentation is geared toward web application developers.