SQL injection attacks have been going on for years, and the vulnerabilities and exploitation techniques are well-understood and widely discussed. However, they’re still quite prevalent and are used in a variety of scenarios. One recent example is the attack on a Yahoo site that resulted in a breach of 450,000 usernames and passwords. In this video, Ryan O’Boyle of Veracode discusses the nature of SQL injection attacks and how to defend against them.
Comments (5)
try to help to anti virus protection wd thanks
Just a tip: Also include methods to avoid SQL injections.
I also suggest that sensitive database columns are encrypted as another layer of defence so that even if an injection attack is successful an attacker can only read ciphertext.
Dropping tables
freaktrickz.wordpress.com/2012/09/27/sql-injection-tutorial-website-hacking/