[Dailydave] Quick thread on SQLi

[Jamie Riden]

On 7 March 2012 16:01, Dave Aitel <dave at immunityinc.com> wrote:
> I know it's been a decade, and everyone is sick of talking about SQLi,
> but none-the-less, I was chatting with a bunch of people about it at RSA
> and I wanted to throw out a metric to see if we can get consensus.
>
> The metric is this: How many websites have remote anonymous SQLi as a
> percentage. Obviously you're going to find more SQLi if you have
> authentication, or are doing static analysis on their code. But that's
> almost unfair. So let's just look at: "Can be found remotely by someone
> with a minimum of time and effort".
>
> My theory is 5%, and one of the companies who does this also thought 5%
> sounded reasonable.
>
> I think it's an interesting number to have, and if anyone wants to chime
> in, feel free!

One in twenty doesn't seem too far off in my experience. However,I'm
not sure how representative the sites I see are of the Internet as a
whole, that is the tricky bit.

To guess, I think if you ran sqlmap against websites at random, you'd
be seeing something like 3-8% vulnerable.

cheers,
 Jamie
-- 
Jamie Riden / jamie at honeynet.org / jamie.riden at gmail.com
http://uk.linkedin.com/in/jamieriden