SEARCH RESULTS
 
Showing 1-10 of 102 records
 
Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise as many database servers as possible. While the attack was a SQL injection attack that attacked and compromised back-end databases courtesy of vulnerable Web pages, from a user's perspective the real attack...
 
 
 
 
 
SQL Injection Defense Tools

2008-06-24 16:43:00 by sdl in The Security Development Lifecycle
 
...injection defense guidelines. The SDL requires guidance and education for end-users, and tools to verify security settings are highly recommended, as defined in "Stage 5: Implementation Phase: Creating Documentation and Tools for Users that Address Security and Privacy". Today, Microsoft is releasing two new SQL injection defense and...
 
 
 
 
 
Lessons learned from the massive SQL injection attacks against legacy Microsoft ASP apps

2008-07-08 14:32:33 by Chenxi Wang in Security & Risk Management
...injection attacks targeting Microsoft ASP applications running on IIS. The latest report has the number of attacked sites at 500,000. The press makes it sound like there is a new vulnerability in IIS or ASP. This cannot be further from the truth. The reality is the attacks are targeting Web applications where user input validation is not done...
 
 
 
 
 
Smells Like a Copycat SQL Injection In the Wild

2008-07-28 05:51:23 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...injections, that as a matter of fact remain ongoing, copycats taking advantage of the very same SQL injection tools using public search engine's indexes as a reconnaissance tools, are also starting to take advantage of localized and targeted attacks, attacking specific online communities. Among these is mx.content-type.cn /day.js using...
 
 
 
 
 
SQL injection compromises MLSgear.com customer information

2008-02-11 09:27:06 by Evan Francen in The Breach Blog
 
...injection attacks carried out on the MLSgear.com web site between January and August, 2007 Reference URL The New Hampshire State Attorney General breach notification Computerworld online story PogoWasRight.org report Report Credit The New Hampshire State Attorney General Response From the online sources cited above It has recently come to...
 
 
 
 
 
WebGoat 1: SQL Injection Demonstration

2007-11-14 01:19:49 by Editor in Irongeek's Security Site
 
...Injection Demonstration SQL injection is a common web application attack that focuses on the database backend. WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. I plan to use WebGoat for a few future videos. This first WebGoat video will show the basics of...
 
 
 
 
 
SQL Injection Follow-up

2008-05-30 15:58:00 by sdl in The Security Development Lifecycle
 
...injection defense techniques in the wake of the recent mass SQL injection attacks against ASP sites. Additionally, the Security Vulnerability Research & Defense blog has just posted an analysis of the attack along with guidance recommendations for IT/database admins, web developers, and end users. Finally, if you are looking for classic...
 
 
 
 
 
Yet Another Massive SQL Injection Spotted in the Wild

2008-05-26 10:58:01 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...injection attack was spotted in the wild during the last couple of hours, and while it continues remaining active, surprisingly, the malicious domain is not in a fast-flux. As I've already pointed out, the upcoming SQL injection attacks for the next couple of months, will be primarily executed by copycats, where among the few differentiation...
 
 
 
 
 
Flash Player + Windows = Threat of SQL Injection

2008-05-29 15:59:09 by Editor in IT Security - The IT Security Industry's Web Resource
 
...injection there are apparently 18 variants of the new exploit. SecureWorks has the details. Attackers insert SCRIPT and IFRAME tags into the content of trusted, legitimate web sites via a known SQL injection attack. Those tags redirect the user to the attackers' server which hosts the Flash exploit. Tens of thousands of web sites are vulnerable...