Blog Posts Tagged with "SQl Injection"

01ceb9281b3fb3dbb90c3efbe327717e

It's Not the Spam Email But What Lies Behind Them

March 15, 2012 Added by:Alan Woodward

The fact that such large proportion of home machines host unknown malware hides a bigger threat. By hijacking so many PCs it is possible to mount a massive probing operation that can seek out high value targets that are susceptible to classic hacking attacks...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Examining the Top Ten Database Threats

March 14, 2012 Added by:PCI Guru

Most attacks are perpetrated inside the perimeter, so protection from an inside attack is important. Once an attacker is on the inside, it is easy to use SQL injection or other techniques to obtain data. Organizations are just beginning to understand the insider threat...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech Webaccess Multiple Vulnerabilities

February 17, 2012 Added by:Headlines

ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site report forgery (CSRF)and Authentication issues. Public exploits are known to target these vulnerabilities...

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

The Truth Behind Data Breaches

February 16, 2012 Added by:Neira Jones

SQLi was the number one attack vector found in both the Web Hacking Incident Database and the number one Web-based method of entry in incident response investigations. SQL injections were the number one Web application risk of 2011...

Comments  (7)

B8db824b8b275afb1f4160f03cd3f733

Disclosures: How Much Sharing is Too Much?

February 15, 2012 Added by:Jack Daniel

What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve know about for years? If you are ignoring all of the well-known risks, it is a waste of time...

Comments  (0)

959779642e6e758563e80b5d83150a9f

The Valley of Death Between IT and Security

February 03, 2012 Added by:Danny Lieberman

Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?

Comments  (0)

3750d420f6c2a9844b529978894dc0be

It's Time to Evolve How We Protect Our Data

January 24, 2012 Added by:Josh Shaul

Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...

Comments  (0)

3750d420f6c2a9844b529978894dc0be

2012 Has Delivered Her First Giant Data Breach

January 17, 2012 Added by:Josh Shaul

We consumers need to pressure business to change their practices and protect our information. By asking questions, we’ll force organizations to recognize the importance of effective security, and to either do it properly or lose customers to a competitor who will...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Lilupophilupop SQLi Attack: One Million URLs Infected

January 05, 2012 Added by:Headlines

"When I first came upon the attack there were about 80 pages infected according to Google searches. Today, well as the title suggests we top a million, about 1,070,000 in fact - there will be duplicate URLs that show up in the searches. Still working on a discrete domain list for this..."

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

Want Rapid Feedback? Try a Web Application Security Scan

December 27, 2011 Added by:Brent Huston

While this service finds a number of issues and potential holes, we caution against using it in place of a full application assessment or penetration test if the web application in question processes critical or highly sensitive information...

Comments  (0)

71d85bb5d111973cb65dfee3d2a7e6c9

Don't Fall Victim to Poor Network Segmentation

December 13, 2011 Added by:f8lerror

If an attacker compromises the DMZ, it is important to stop them there. Firewalls and segmentation is the key to this. Should a user have unlimited access to the internal network from a Citrix server or VPN? Or be able to connect to file shares, internal web applications, and databases?

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Top Ten HTML5 Attack Vectors

December 09, 2011 Added by:Headlines

"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."

Comments  (0)

12ea1d6ac442fbf368f1da078fd43220

Keeping Privileged Users Under Control in Oracle Database

October 03, 2011 Added by:Esteban Martinez Fayo

SYSDBA privilege has unlimited access to all data and can make any configuration change. With DatabaseVault installed, it is possible to restrict SYSDBA users from accessing certain data but the protection is not complete. There are ways to bypass the defenses and compromise the data...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

LulzSec Member Indicted for Sony Systems Hack

September 27, 2011 Added by:Headlines

The indictment alleges that Kretsinger and other coconspirators obtained confidential information from Sony Pictures’ computer systems using an “SQL injection” attack against its website, a technique commonly used by hackers to exploit vulnerabilities and steal information...

Comments  (0)

3ebd200287a032cf6d13d6b75a570c94

Full Frontal: Is it OK to Expose Weaknesses?

September 18, 2011 Added by:David Martinez

While it might be interesting and a bit exciting finding vulnerabilities in systems, keep in mind that reporting them to the appropriate people might be more hassle then it’s worth, especially when your doing it pro bono, as I discovered...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Anonymous Defaces BART Site - Posts User Data

August 15, 2011 Added by:Headlines

Hacktivist group Anonymous has hacked into myBART.org website belonging to San Francisco’s BART system. The attack was an SQL injection which was able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »
Most Liked