Blog Posts Tagged with "SQL Injection"
Why SQL Injection Still Plagues Us
July 23, 2013 Added by: Dan Kuykendall
Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.
Moving From Poisoning the Ocean to Poisoning the Watering Hole
October 29, 2012 Added by: Fergal Glynn
Using the watering hole analogy, if you are the owner of a location where people congregate to drink you need to keep the beverages safe and clean. Unfortunately digital safety is decades behind food safety. If you own a website you need to understand what SQL Injection and XSS are...
LulzSec Member Arrested for Sony Pictures Hack
September 05, 2012 Added by: Headlines
Rivera allegedly used a proxy server in an attempt to mask or hide his Internet protocol (IP) address and obtained confidential information from Sony Pictures’ computer systems using an SQL injection attack against its website...
Oracle Security Alert Analysis
August 19, 2012 Added by: Alexander Rothacker
So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on DBMS_STATS package...
Yourikan Claims Ninety-One Iranian Websites Hacked
August 07, 2012 Added by: Headlines
Pro-Israeli hacker Yourikan (you-r!-k@n) is claiming to have hacked and defaced as many as ninety-one Iranian websites including government, education and business targets in protest of Iran's continued pursuit of nuclear weapons and support for terrorist activities targeting Israel...
Ticking Time-Bombs: Production Data in Non-Production Systems
August 03, 2012 Added by: Rafal Los
While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...
Yahoo Voices Accounts Exposed and Available to the General Public
July 13, 2012 Added by: Marc Quibell
If Yahoo took "security very seriously" this probably may not have happened. This is obviously a fail in their IT Security practices, on many accounts, beginning with the SQL Injection attack used to compromise the server - yes, it only took one server to compromise for this to occur...
Yahoo!'s No Encryption Trumps LinkedIn's Unsalted Hash
July 12, 2012 Added by: Headlines
Just a month after LinkedIn experienced a significant security breach and caught flack for not "salting their hash", the revelation that the Yahoo! credentials were not even stored in an encrypted format should have everyone concerned about how seriously companies are taking the security of their users...
Despite Breach Trends - Website Vulnerabilities Decrease
July 02, 2012 Added by: Headlines
"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."
SecureState Contributes to the SQLMap Project
June 18, 2012 Added by: Spencer McIntyre
Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes...
Disclosures: The Vulnerability of Publicly Traded Companies
June 12, 2012 Added by: Fergal Glynn
What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...
ICS-CERT: Emerson DeltaV Multiple Vulnerabilities
May 31, 2012 Added by: Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Emerson DeltaV application which can be exploited by a remote attacker and could allow denial of service, information disclosure, or remote code execution. Emerson has produced a hotfix that mitigates these vulnerabilities...
Romanian Authorities Arrest Suspected Anonymous Members
May 29, 2012 Added by: Headlines
When asked about the threat of arrest, Balaneasa said: "Romanian authorities (most of them) are just too stupid. I wonder what else they are taking seriously, besides hacking... Afraid? NEVER. We will fight to the end. And to be honest, all they will 'catch' may be clips of themselves sucking their own finger..."
Data Mining A Mountain of Zero Day Vulnerabilities
May 22, 2012 Added by: Fergal Glynn
Information leakage happens when sensitive information is displayed to the user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...
ICS-CERT: Invensys Wonderware Server Multiple Vulnerabilities
April 04, 2012 Added by: Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential hijacking. Invensys has developed a security update...
Verizon Breach Report – Application Security Specific Highlights
March 28, 2012 Added by: Fergal Glynn
Eighty-one percent of attacks utilized hacking. There was a stark difference between large and small organizations. SQL injection comes in 3rd after use of stolen logins and exploitation of backdoor or command and control channel. It is tied with dictionary attacks...