Blog Posts Tagged with "SQL Injection"

Defending Web Apps Against Overwhelming Odds

April 24, 2011 Added by: Rafal Los

We can all agree that there are enough *exploitable security defects* in software that virtually every organization on the planet can (and will) be broken into given enough time - so where does that leave us? More importantly, what does that have to do with cloud computing?

Comments  (0)

Let’s Go with the Web Application Scan... It's Cheaper

April 21, 2011 Added by: Gary McCully

Many times, when choosing a Web Application Assessment, a company will choose the cheapest Assessment available without understanding the Pros and Cons of each Web Application Security Assessment. It is important to realize the fact that the cheapest option is not always the best option...

Comments  (0)

Security Provider Barracuda Networks Hit by SQL Injection

April 12, 2011 Added by: Headlines

The website of application security vendor Barracuda Networks was compromised by a SQL injection attack. The attack appears to have exposed confidential information regarding Barracuda's business partners as well as network login credentials of several employees...

Comments  (0)

Software Security - Just Over the Horizon

March 31, 2011 Added by: Rafal Los

Things like Cross Site Scripting (XSS), SQL Injection, buffer overflow, access violation, race conditions and other variations are tested for using static analysis, dynamic analysis and some of the forthcoming hybrid technology. As an industry we're getting better at pattern-based security testing...

Comments  (0)

NASA Systems Are Still Too Vulnerable to Attack

March 31, 2011 Added by: Dan Dieterle

Serious security gaps were found at NASA during a recent audit. The fact that a government run entity has been attacked, and then apparently ignored a plan to remedy the situation, speaks volumes about our nation's ability - or maybe better said desire - to thwart hacking attempts...

Comments  (0)

MySQL Website Hacked (Ironically) by Blind SQL Injection

March 28, 2011 Added by: Rafal Los

Allow me to point out a little bit of irony in this headline... a website for one of the more popular open-source database alternatives gets completely compromised using blind SQL Injection. Ouch. Someone going by the moniker "Jack Haxor" posted this to the Full Disclosure mailing list...

Comments  (0)

DoS Surpasses SQL Injections as Primary Attack Method

March 16, 2011 Added by: Headlines

"Many of these organizations foolishly think that the network security gear that they have to handle the lower level DoSing floods will take care of this and it won't. The overall amount of traffic that you have to send to take down the Web server is a lot less, and it looks legitimate..."

Comments  (0)

Web App's Public Enemy Number 1: SQL Injection

February 25, 2011 Added by: Rafal Los

It can't be that there isn't enough technology to find SQL Injection in your code... static analysis, dynamic analysis, home-brew scripts, IDE plug-ins, and literally hundreds of ways to identify SQL Injection in your code. So the problem can't be that we don't know how to find it...

Comments  (0)

Get Back to Basics: Stuxnet and Aurora Lessons

February 24, 2011 Added by: Headlines

The plain fact is that most organizations are falling far short in protecting against the same threats that they've faced for the last 10 years. SQL injection, phishing, malicious attachments, social engineering. Old, every one of them. And yet, still incredibly effective at compromising networks in some of the best-known and theoretically best-protected companies.

Comments  (0)

Profiling the Use of Javascript in a Driveby Download Attack

February 21, 2011 Added by: Mark Baldwin

The process described in this article is very typical of how hackers use javascript to install malware on unsuspecting users browsing the web. Understanding how the bad guys use web technology to conduct their attacks can help all of us defend our networks against them...

Comments  (0)

Google Adds Security to Search

February 08, 2011 Added by: Robert Siciliano

"Now we’re expanding the search results notifications to help people avoid sites that may have been compromised and altered by a third party, typically for spam. When a user visits a site, we want her to be confident the information on that site comes from the original publisher..."

Comments  (2)

Important Takeaways from ShmooCon 2011

February 07, 2011 Added by: Rafal Los

Conferences are more than just going to interesting talks, meeting people, and attending after-parties. Sometimes, if the conference is really a gem - like ShmooCon - you actually learn something. After attending this year's conference, I think it relevant to share my thoughts...

Comments  (2)

Q and A with Hacker "srblche srblchez"

January 28, 2011 Added by: Rafal Los

An independent attacker who writes their own scripts and hacks in 'a couple of seconds' is your worst nightmare as a security professional, mostly because the velocity of attack is so great and the likelihood of being caught in a detection system like an IPS is so low...

Comments  (2)

Hacked .GOV .MIL and .EDU Sites for Sale

January 22, 2011 Added by: Headlines

"The victims' vulnerabilities were probably obtained by SQL injection vulnerability automatic scanner and exploited in automatic manner, as the hacker published his methods in a post in some hacker forum – see screen shot and explanation..."

Comments  (0)

How to Hack Websites

January 03, 2011 Added by: Rafal Los

One of the more popular ways of hacking a site is by finding a flaw in the website such as via XSS (Cross-Site Scripting) or SQL Injection - flaws which almost all sites contain if you look hard enough...

Comments  (4)

Top Five Internet Security Vulnerabilities

December 22, 2010 Added by: Headlines

Security in the cyber space is paramount, but in the face of reduced budgets caused by the poor economy, many businesses are letting security best practices fall to the wayside. Astaro has comprised the following top five internet vulnerabilities businesses cannot afford to ignore...

Comments  (0)
