[citation][nom]Kevin Parrish[/nom]Nearly 41-percent of all SQLi attacks originate from just ten hosts.[/citation]
So why don't they go and physically find the 10 hosts and knock on their owners' door and either arrest them, or at the very least tell them to GET SOME FREAKING ANTI-MALWARE SOFTWARE or something? I mean at least make them turn the "hosts" off.
[citation][nom]gmarsack[/nom]@otacom72, totally agreed. Bad programming = easy attack. SQLi is simple to do and it's simple to prevent. Lazy = bad.[/citation]
If they were so simple to prevent, they wouldn't be so simple to do. Maybe some issues mean laziness, but most are something that is accidentally overlooked after thousands of updates to websites every year. Odds are someone will slip up and make a mistake sometime. Human error will always be a problem and you cannot defend against it aside from redundancy checks by some automated means and other humans doing QA on all updated code. However, in the end, no system is or will be perfect. The only systems that come close cost major amounts of resources to maintain.