Story: Script kiddies learn grown-up hacking techniques
SQL Injection is not a problem if the application developer has coded the application not to trust the queries it receives. Form/search string validation should take into account any possible hack and code in defenses to obviate them. If the developer doesn't do this, then they're really incompetent and there's nothing more to it.
However, none of this you'd know from reading the article. The journalist seems to be arguing that problems arise due to bad firewalls. That's not the case at all. In this context, firewalls have nothing whatsoever to do with the applications which sit behind them. They're really concerned with network traffic, not necessarily the content of trusted traffic to specific applications, e.g. form data to web applications. Thus if the application fails and is subjected to a successful crack it is down purely and simply to the lack of skill of the developer, nothing else.
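The distinction drawn in the comment above, as an added example that is not part of the original post: a port-based filter passes an ordinary search string and one carrying SQL syntax identically, so the outcome depends only on how the application builds its query. The table, column and function names and the sample strings are constructed for illustration, and `firewall_allows` is a hypothetical stand-in for a packet-filter rule.

```python
import sqlite3

# Constructed search string carrying SQL syntax instead of a plain keyword.
HOSTILE = "' OR 1=1 --"

def make_db():
    """In-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [("Patch Tuesday recap", 1), ("Firewall basics", 1), ("Unreleased draft", 0)],
    )
    return db

def firewall_allows(dst_port, payload):
    """Hypothetical packet-filter rule: decides on the port, never reads the payload."""
    return dst_port in (80, 443)

def search_concat(db, term):
    """Trusts the form value: it is pasted into the SQL text and parsed as SQL."""
    sql = ("SELECT title FROM articles "
           "WHERE published = 1 AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_param(db, term):
    """Does not trust the form value: length-checked, then bound as data."""
    if len(term) > 64:
        raise ValueError("search term too long")
    sql = "SELECT title FROM articles WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

if __name__ == "__main__":
    db = make_db()
    for term in ("Firewall", HOSTILE):
        print("term:", repr(term))
        print("  firewall allows :", firewall_allows(443, term))
        print("  concatenated SQL:", search_concat(db, term))
        print("  bound parameter :", search_param(db, term))
```

With the concatenated query the second term returns the unpublished row as well; with the bound parameter it is matched as a literal title fragment and returns nothing.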