What 20 million euros apparently can't buy ...
… is a database that’s immune to SQL injection attacks.
The European Telecommunications Standards Institute (ETSI) is a standardization organization of the telecommunications industry (equipment makers and network operators) in Europe, with worldwide reach. ETSI has been successful in standardizing the GSM cell phone system and the TETRA professional mobile radio system. ETSI also developed several standards regarding data retention. According to Wikipedia, ETSI had a budget of over 20 million euros in 2005.
Apparently, that was not enough money to secure the database/application against SQL injection attacks. Try http://www.etsi.org/Application/Search/?search=’ and you get:
Nice to see that Microsoft's "Security Initiative" reached the well-educated .NET programmers at ETSI.
Tagged as: etsi, injection, rant, security, sql | Author: Martin Leyrer
Sunday, 20080127, 22:49