SharePoint 2010 and SQL Injection Attacks


As everyone might or might not know, last week the Internet was bombarded by a well-known method of attack called SQL injection. Because SQL is the heart of many applications (SharePoint, for example), we need to be able to defend our past work and answer clients who ask, “Are we safe?” Security flaws are found in databases and programs nearly weekly, so keeping current can be a nearly impossible challenge.

It is important to patch and keep current, but also to build SMART. I did not want to take the time to explain what these attacks are; here is a (link) to better clarify if you need further explanation. This is a good article written by Mitchell Harper that clarifies examples of scripting.

What I want you to understand instead is that SharePoint 2010 has no identified or documented vulnerabilities to this form of attack. This applies to the OOB (out-of-the-box) flavor only; once you have started customizing, adding Claims authentication, External Connections, etc., all bets are off.

You must have all updates and patches applied to your server and IIS to ensure safety. This might be a good topic to contact your old clients about, just to reassure them of their safety.

Keep Moving Forward,


One Reply to “SharePoint 2010 and SQL Injection Attacks”

  1. Tableau Software
    I work on our Professional Services team. We have Business Consultants that can help in several ways. Our company, which is located in London, provides services to small and medium-sized businesses. Here are some of the services that we offer: http://www.sqiar.com/solu…
    Click on the link of that page to send us an email. We’d be happy to help.
    Professional Services
    Tableau Software
