Blog Posts Tagged with "SQl Injection"

72462991dba2e16e1588d4af1293ae58

Why SQL Injection Still Plagues Us

July 23, 2013 Added by:Dan Kuykendall

Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Moving From Poisoning the Ocean to Poisoning the Watering Hole

October 29, 2012 Added by:Fergal Glynn

Using the watering hole analogy, if you are the owner of a location where people congregate to drink you need to keep the beverages safe and clean. Unfortunately digital safety is decades behind food safety. If you own a website you need to understand what SQL Injection and XSS are...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

LulzSec Member Arrested for Sony Pictures Hack

September 05, 2012 Added by:Headlines

Rivera allegedly used a proxy server in an attempt to mask or hide his Internet protocol (IP) address and obtained confidential information from Sony Pictures’ computer systems using an SQL injection attack against its website...

Comments  (0)

B451da363bb08b9a81ceadbadb5133ef

Oracle Security Alert Analysis

August 19, 2012 Added by:Alexander Rothacker

So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on DBMS_STATS package...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Yourikan Claims Ninety-One Iranian Websites Hacked

August 07, 2012 Added by:Headlines

Pro-Israeli hacker Yourikan (you-r!-k@n) is claiming to have hacked and defaced as many as ninety-one Iranian websites including government, education and business targets in protest of Iran's continued pursuit of nuclear weapons and support for terrorist activities targeting Israel...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Ticking Time-Bombs: Production Data in Non-Production Systems

August 03, 2012 Added by:Rafal Los

While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...

Comments  (0)

94c7ac665bbf77879483b04272744424

Yahoo Voices Accounts Exposed and Available to the General Public

July 13, 2012 Added by:Marc Quibell

If Yahoo took "security very seriously" this probably may not have happened. This is obviously a fail in their IT Security practices, on many accounts, beginning with the SQL Injection attack used to compromise the server - yes, it only took one server to compromise for this to occur...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Yahoo!'s No Encryption Trumps LinkedIn's Unsalted Hash

July 12, 2012 Added by:Headlines

Just a month after LinkedIn experienced a significant security breach and caught flack for not "salting their hash", the revelation that the Yahoo! credentials were not even stored in an encrypted format should have everyone concerned about how seriously companies are taking the security of their users...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Despite Breach Trends - Website Vulnerabilities Decrease

July 02, 2012 Added by:Headlines

"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."

Comments  (1)

759c37c6aff04cd46262f93652b5fad5

SecureState Contributes to the SQLMap Project

June 18, 2012 Added by:Spencer McIntyre

Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most of detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Disclosures: The Vulnerability of Publicly Traded Companies

June 12, 2012 Added by:Fergal Glynn

What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Emerson DeltaV Multiple Vulnerabilities

May 31, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Emerson DeltaV application which can be can be exploited by a remote attacker and could allow denial of service, information disclosure, or remote code execution. Emerson has produced a hotfix that mitigates these vulnerabilities...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Romanian Authorities Arrest Suspected Anonymous Members

May 29, 2012 Added by:Headlines

When asked about the threat of arrest, Balaneasa said: "Romanian authorities (most of them) are just too stupid. I wonder what else they are taking seriously, besides hacking... Afraid? NEVER. We will fight to the end. And to be honest, all they will 'catch' may be clips of themselves sucking their own finger..."

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Data Mining A Mountain of Zero Day Vulnerabilities

May 22, 2012 Added by:Fergal Glynn

Information leakage happens when sensitive information is displayed to the a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Invensys Wonderware Server Multiple Vulnerabilities

April 04, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential high jacking. Invensys has developed a security update...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Verizon Breach Report – Application Security Specific Highlights

March 28, 2012 Added by:Fergal Glynn

Eight-one percent of attacks utilized hacking. There was a stark difference between large and small organizations. SQL injection comes in 3rd after use of stolen logins and exploitation of backdoor or command and control channel. It is tied with dictionary attacks...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »