SQL injection attacks have been going on for years, and the vulnerabilities and exploitation techniques are well-understood and widely discussed. However, they’re still quite prevalent and are used in a variety of scenarios. One recent example is the attack on a Yahoo site that resulted in a breach of 450,000 usernames and passwords. In this video, Ryan O’Boyle of Veracode discusses the nature of SQL injection attacks and how to defend against them.
Comments (5)




try to help to anti virus protection wd thanks
Just a tip: Also include methods to avoid SQL injections.
I also suggest that sensitive database columns are encrypted as another layer of defence so that even if an injection attack is successful an attacker can only read ciphertext.
Dropping tables
freaktrickz.wordpress.com/2012/09/27/sql-injection-tutorial-website-hacking/