injection
Encoded Automated SQL Injection Attacks
White Paper Of late, NetSPI has seen a sharp increase in encoded automated SQL injection attacks against Internet-facing web applications. At the time of publication, it estimates that more than 2.5 million web pages have been... [13 Nov 2009]
8 Steps to Holistic Database Security
White Paper SQL injection attacks, malfeasance by insiders and regulatory requirements are driving organizations to find new ways to secure their corporate and customer data found in commercial database systems such as Oracle,... [13 Nov 2009]
The Barracuda Web Application Firewall Advantage
White Paper With Web security expertise gained over more than eight years, Barracuda Networks offers the most comprehensive layer seven security solution against emerging threats including SQL injection, cross site scripting, and... [13 Nov 2009]
Two Security Vulnerabilities in the Spring Framework's MVC
White Paper While performing source-code security review engagements, members of the Ounce Labs' Advanced Research Team (ART) discovered and exploited the following two vulnerabilities in the commonly used Spring Framework's MVC (Model View... [12 Nov 2009]
A Dynamic Technique for Enhancing the Security and Privacy of Web Applications
White Paper Typical exploitation methods such as database-injection attacks, shell injection attacks, cross-site scripting attacks and directory-traversal attacks are prevented. Web application security and privacy... [11 Nov 2009]
An Anatomy of a Web Hack: SQL Injection Explained
White Paper The notion of SQL injection isn't new, but it is still widely misunderstood and many sites are still vulnerable to attack. This paper shows how easy it is to penetrate the average website and gain information about the... [06 Oct 2009]
Changing the Game: The New Security Threats Facing Your Organization
White Paper In addition, readers will gain an understanding of the top web application attacks, such as SQL injection, cross-site scripting, session hijacking and scraping, and how to best remediate these tactics. [06 Oct 2009]
Web Application Integrity Series: SQL Injection
White Paper This webcast delves into one of the largest web application threats out there, SQL injection, and prepares one with the information needed to keep the company safe. Concerned with the abundance of emerging web... [02 Oct 2009]
Think You Are Immune From a Web Application Attack - Think Again!
White Paper Breach Security recently announced that web attackers unleashed a new type of SQL injection attack in 2008 that compromised more than 500,000 websites, according to its Web Hacking Incidents Database (WHID) 2008 Annual... [01 Oct 2009]
Outsmarting Tomorrow's Hackers Today
White Paper Network IDS/IPS and first-generation Web Application Firewalls (WAFs) don't protect against today's sophisticated web application threats, such as cross-site scripting, injection flaws and other vulnerabilities listed on... [01 Oct 2009]
How to Write SQL Injection Proof PL/SQL
White Paper An internet search for "SQL Injection" gets about 4 million hits. This whitepaper demystifies the topic and explains a straightforward approach to writing database PL/SQL programs that provably guarantees their immunity... [02 Sep 2009]
Largest hack and ID theft in US: Three suspects charged
News They used an SQL injection attack to steal the data and used computers in California, Illinois, Latvia, the Netherlands, New Jersey and Ukraine for storing malware and stolen data and launching attacks, according to the... [18 Aug 2009]
The Vertical Risk: Web-Delivered Malware Impact by Industry
White Paper While SQL injection attacks have by far been the most prevalent attacks on websites throughout 2008, all forms of website compromise have been on the increase. The type and frequency of Web-delivered malware changed... [07 Aug 2009]
MI5 plugs website flaw that left site open to hack attack
News Last week, a hacker with the handle '[-TE-]-Neo' wrote that the MI5 website was vulnerable to cross-site scripting and Iframe injection. MI5 has closed up a flaw on its website that could have opened up visitors to... [30 Jul 2009]
'Hack your own Oracle database' tool unveiled next week
News Over the years there have been tons of Oracle exploits, SQL injection vulnerabilities, and post-exploitation tricks and tools that had no order, methodology, or standardisation, mainly just random .sql files. [24 Jul 2009]