Over the past six months, millions of Web pages have been hacked and seeded with malicious software, and in a great many cases the sites were hacked because their curators failed to put in place even basic database security measures. In most of these compromises, the hackers broke in using an attack called SQL injection. Rather than attacking specific software security vulnerabilities, SQL injection attacks target configuration weaknesses in the database layer of the site’s Web application, be it ASP, CGI, or PHP. While most SQL attacks are automated with the help of scanning tools, SQL attacks can be carried out using nothing more than a Web browser. An injection vulnerability most commonly exists when a site accepts input from a visitor — such as through a search or login box — but fails to filter out potentially harmful instructions, non-standard characters or computer code. Successful SQL attacks can […]
Posted on Friday, June 27th, 2008 at 6:06 am and under category News, Spam.