Imperva: Protecting the Data that Drives Business

Videos

Blocking Malicious Attacks Using SQL Injection Signature Evasion

This video demonstration is focused on a more advanced SQL Injection technique called "signature evasion." As the name implies, these techniques allow SQL Injection attacks to be conducted while avoiding detection by security controls that rely on signatures.

Tags: Attack Method, SQL Injection, Signature Evasion, Web Application Security, Database Security

Detecting XSS Scripting (Cross-Site Scripting)

This video should be viewed following the Script Injection video demonstration. Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes unsanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum. The purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example, it could copy user cookies and then send those cookies to the attacker.

Tags: Attack Method, XSS, Cross-site scripting, CSS, Web Application Security, Database Security

Direct Database Access SQL Injection (Database Hacking)

SQL injection is usually a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application. In this example, the database is attacked directly by a non-privileged user through direct interaction with the database - not through a Web application.

Tags: Attack Method, Direct Database Access SQL Injection, SQL Injection, Web Application Security, Database Security

Identifying & Blocking Blindfolded SQL Injection

This video demonstration is focused on a more advanced SQL Injection technique called "Blindfolded SQL Injection." These techniques are useful when attacking a system that doesn't display robust error messages. Note that error messages are helpful to attackers in SQL Injection attacks because they can reveal valuable information about the target.

Tags: Attack Method, SQL Injection, Blindfolded SQL Injection, Web Application Security, Database Security

Identifying Database Privilege Abuse by Malicious Insiders

This example of database privilege abuse relates to direct database attacks without Web applications. A malicious insider can decompile a fat desktop Java client to glean credential information allowing him to directly access the database with elevated privileges. Using the application's credentials for database access, not his own, he could operate with the privileges granted to the Java application.

Tags: Attack Method, Insider Threats, Privilege Abuse, Web Application Security, Database Security

Mitigating Client Side Database Protocol Attacks

This video demonstration illustrates methods for attacking databases by leveraging a client side application as well as vulnerabilities within the database protocol. This example addresses Oracle 10i. Using a Hex or Text editor it is possible to modify the SQL login stream on the client side in a way that takes advantage of the Oracle Database User running as DBA. By compromising the process with an attack such as a buffer overflow, an attacker can perform an injection of code causing anything from a denial of service attack to data modification on the Oracle server side database.

Tags: Attack Method, Web Application Security, Database Security

Recognizing Web Application Parameter Tampering

This video demonstration explores ways an attacker can modify parameters within a Web application. Parameter tampering is a simple attack targeting the application business logic. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations. Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.

Tags: Attack Method, Parameter Tampering, Web Application Security, Database Security

SecureSphere Database Security Gateway Overview

Want to know how the SecureSphere Database Security Gateway can help organizations assess, audit, and protect their most critical assets? This video provides a high-level overview of Imperva's database security products and describes how the market-leading SecureSphere Database Security Gateway addresses each step in the data security and compliance lifecycle.

Tags: Database Monitoring, DAM, Database Firewall, Database Security, SecureSphere, Product Tour

SecureSphere Interactive Audit Analytics

SecureSphere Interactive Audit Analytics provides a fast, reliable way to view audit data and understand database activities. Using various audit views, it supports analysis and correlation of security events with just a few clicks of a mouse.

Tags: Audit, Database Security, Database Activity Monitoring, DAM, Interactive Audit Analysis, Technical Video, SecureSphere

SecureSphere Web Application Firewall - Vulnerability Assessment Integration

This video demonstrates how the Imperva SecureSphere Web Application Firewall integrates with application vulnerability scanners. Watch this video to find out how SecureSphere creates policies and detects and blocks attacks based on vulnerability assessment results.

Tags: Web Application Firewall, WAF, Web Application Security, Technical Video, SecureSphere, Vulnerability Assessment

SecureSphere Web Application Firewall Overview

Learn how the SecureSphere Web Application Firewall safeguards Web applications without modifying application behavior or impacting performance. This five-minute video demonstrates common application threats and describes key product capabilities including automated application learning, up-to-date security defenses, and transparent deployment.

Tags: Web Application Firewall, WAF, Web Application Security, Product Tour, SecureSphere

Session Hijacking - Bypassing Web Application Security

Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress.

Tags: Attack Method, Session Hijacking, Web Application Security, Database Security

Understanding & Preventing SQL Injection - Part I

This is the first of three video demonstrations on basic SQL Injection techniques. SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Tags: Attack Method, SQL Injection, Web Application Security, Database Security

Understanding & Preventing SQL Injection - Part II

This is the second of three video demonstrations on basic SQL Injection techniques. SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Tags: Attack Method, SQL Injection, Web Application Security, Database Security

Understanding & Preventing SQL Injection - Part III

This is the third of three video demonstrations on basic SQL Injection techniques. SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Tags: Attack Method, SQL Injection, Web Application Security, Database Security

Understanding Script Injection

This video should be viewed as a prerequisite to the XSS video demonstration. Script Injection is a form of Web application attack where the victim Web server is tricked into running the attacker's script/code.

Tags: Attack Method, Script Injection, Web Application Security, Database Security

Universal User Tracking

Watch how Imperva's Universal User Tracking technology enables organizations to track individual end users, even when user connections are pooled. This informative and concise video shows how Imperva's innovative Web to Database User Tracking technique accurately identifies end users in multi-tier environments.

Tags: User Tracking, Web Application Firewall, WAF, Database Firewall, Web Application Security, Database Security, Technical Video, SecureSphere

Using Cookie Poisoning to Bypass Security Mechanisms

This video demonstration illustrates cookie poisoning attacks. Cookie poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user's computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal his identity.

Tags: Attack Method, Cookie Poisoning, Web Application Security, Database Security
