White Papers
Selected Tag: SQL Injection
Facing Reality: Top Database Security Trends
Enterprise database infrastructure is subject to an overwhelming range of threats. Securing databases and the data they host is challenging not only because of the volume of data spread across heterogeneous platforms, but also because of the increased sophistication and rising rate of database security threats. This paper reviews the top database security trends that IT managers and security teams struggle to keep up with, including: advanced persistent threat (APT), SQL injection, implementation of audit controls, database patch and configuration management, limiting users' rights to data based on business need-to-know, abuse of legitimate data access privileges, and cloud security.
Tags: Database Security, Trends, Advanced Persistent Threat, SQL Injection
Blindfolded SQL Injection
Until today, exploiting SQL server injection attacks depended on having the Web Server return detailed error messages or having any other source of information. As a result, many security administrators suppressed these error messages, assuming this would protect them from SQL server injection exploitation. This white paper shows, however, that suppressing the error messages does not provide real protection. Imperva ADC research reveals a set of techniques that can be easily used to bypass error suppression, making it clear that more substantial measures must be taken against SQL server injection attacks.
Tags: ADC, SQL Injection, Blindfolded SQL Injection, Web Application Attacks, Web Application Security
Blame it on the Media(Bot) -- Using Google Advertising Mechanism for Web Application Attacks
The research summarized in this paper is aimed at demonstrating how search engines can be manipulated to serve as attack tools. We were able to show that the AdWords and AdSense services from Google can indeed be used to launch attacks against unsuspecting web applications. Attack types we were able to demonstrate include buffer overflows, SQL injections and CSRFs.
Tags: ADC, Google Hacking, Web Application Attacks, Buffer Overflow, SQL Injection, CSRF, Web Application Security
SQL Injection 2.0
SQL Injection continues to be one of the most predominant Web application threats. Considering the widespread availability of valuable data on the Web, the popularity of ecommerce and dependency on the Web for all kinds of information, attackers are motivated to implement faster, more advanced SQL injection methods to launch high profile, widespread attacks on targeted Web sites. This paper provides an overview of SQL Injection 2.0, including specific attack techniques such as automated SQL injection via search engines, SQL Injection for Web site defacement, malware distribution and Denial of Service (DoS) attacks, and direct database SQL Injection.





