Imperva Blog|Login|中文Deutsch日本語

Videos

Year: 2014 2013 2012 2011 2010 2009 2008 All Hide Descriptions
Selected Tag: SQL Injection | Show All
Blocking Malicious Attacks Using SQL Injection Signature Evasion

Blocking Malicious Attacks Using SQL Injection Signature Evasion


This video demonstration is focused on a more advanced SQL Injection technique called "signature evasion." As the name implies, these techniques allow SQL Injection attacks to be conducted while avoiding detection by security controls that rely on signatures.

Tags: Attack Method, SQL Injection, Signature Evasion, Web Application Security, Database Security

Play Video  
Direct Database Access SQL Injection (Database Hacking)

Direct Database Access SQL Injection (Database Hacking)


SQL injection is usually a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application. In this example, the database is attacked directly by a non-privileged user through direct interaction with the database - not through a Web application.

Tags: Attack Method, Direct Database Access SQL Injection, SQL Injection, Web Application Security, Database Security

Play Video  
Identifying & Blocking Blindfolded SQL Injection

Identifying & Blocking Blindfolded SQL Injection


This video demonstration is focused on a more advanced SQL Injection technique called "Blindfolded SQL Injection." These techniques are useful when attacking a system that doesn't display robust error messages. Note that error messages are helpful to attackers in SQL Injection attacks because they can reveal valuable information about the target.

Tags: Attack Method, SQL Injection, Blindfolded SQL Injection, Web Application Security, Database Security

Play Video  
Understanding & Preventing SQL Injection - Part I

Understanding & Preventing SQL Injection - Part I


This is the first of three video demonstrations on basic SQL Injection techniques. SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Tags: Attack Method, SQL Injection, Web Application Security, Database Security

Play Video  
Understanding & Preventing SQL Injection - Part II

Understanding & Preventing SQL Injection - Part II


This is the second of three video demonstrations on basic SQL Injection techniques. SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Tags: Attack Method, SQL Injection, Web Application Security, Database Security

Play Video  
Understanding & Preventing SQL Injection - Part III

Understanding & Preventing SQL Injection - Part III


This is the third of three video demonstrations on basic SQL Injection techniques. SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Tags: Attack Method, SQL Injection, Web Application Security, Database Security

Play Video  
Selected Tag: SQL Injection | Show All