Imperva Blog|Login|中文Deutsch日本語

White Papers

Selected Tag: SQL Injection | Show All

Download White Paper

Protecting Against Vulnerabilities in SharePoint Add-ons


Microsoft SharePoint is a widely adopted data-sharing and collaboration platform which is often extended using third-party software. When the data in SharePoint is sensitive and regulated, the security of the platform - as well as the software extensions - must be a top concern for organizations. This paper will discuss the threats introduced when using third-party SharePoint plug-ins and Web Parts, evaluate the effectiveness of traditional security solutions in respect to these threats, and provide recommendations for hardening SharePoint systems.

Tags: SharePoint Security, Web Application Security, SharePoint Vulnerabilities, SQL Injection, CMS, Content Management Systems


Download White Paper

Web Attack Survival Guide


The Web Attack Survival Guide is your secret weapon for surviving attacks from hacktivists and cybercriminals. This guide provides step-by-step instructions to help you prepare for and stop web attacks, from hardening your applications, to blocking advanced attacks like SQL injection and DDoS, to performing a post-mortem after the attack is over. Armed with this guide, you can confidently face impending web attacks with a well-thought out strategy.

Tags: Web Security, Web Application Security, Web Application Attacks, Hacktivists, Cybercriminals, SQL Injection, DDoS, Guide


Download White Paper

Facing Reality: Top Database Security Trends


Enterprise database infrastructure is subject to an overwhelming range of threats. Securing databases and the data they host is challenging not only because of the volume of data spread across heterogeneous platforms, but also because of the increased sophistication and rising rate of database security threats. This paper reviews the top database security trends that IT managers and security teams struggle to keep up with, including: advanced persistent threat (APT), SQL injection, implementation of audit controls, database patch and configuration management, limiting users rights to data based on business need-to-know, abuse of legitimate data access privileges, and cloud security.

Tags: Database Security, Trends, Advanced Persistent Threat, SQL Injection


Download White Paper

Blindfolded SQL Injection


Until today, exploiting SQL server injection attacks depended on having the Web Server return detailed error messages or having any other source of information. As a result, many security administrators suppressed these error messages, assuming this would protect them from SQL server injection exploitation. This white paper shows, however, that suppressing the error messages does not provide real protection. Imperva ADC research reveals a set of techniques that can be easily used to bypass error suppression, making it clear that more substantial measures must be taken against SQL server injection attacks.

Tags: ADC, SQL Injection, Blindfolded SQL Injection, Web Application Attacks, Web Application Security


Download White Paper

Blame it on the Media(Bot) -- Using Google Advertising Mechanism for Web Application Attacks


The research summarized in this paper is aimed at demonstrating how search engines can be manipulated to serve as attack tools. We were able to show that the AdWords and AdSense services from Google can indeed be used to launch attacks against unsuspecting web applications. Attacks types we were able to demonstrate include buffer overflows, SQL injections and CSRFs.

Tags: ADC, Google Hacking, Web Application Attacks, Buffer Overflow, SQL Injection, CSRF, Web Application Security


Download White Paper

SQL Injection 2.0


SQL Injection continues to be one of the most predominant Web application threats. Considering the widespread availability of valuable data on the Web, the popularity of ecommerce and dependency on the Web for all kinds of information, attackers are motivated to implement faster, more advanced SQL injection methods to launch high profile, widespread attacks on targeted Web sites. This paper provides of an overview of SQL Injection 2.0, including specific attack techniques such as automated SQL injection via search engines, SQL Injection for Web site defacement, malware distribution and Denial of Service (DoS) attacks, and direct database SQL Injection.

Tags: SQL Injection 2.0, Web Application Security

Selected Tag: SQL Injection | Show All


Term of the Month