SQL Injection


SQL Injection has existed as a
very real – and documented – threat to enterprise security for years.
While the concept is far from novel, the techniques, tools, and scope of
SQL Injection attacks are growing exponentially – and at a rate that far
outpaces traditional, time-consuming defence mechanisms such as code
review. Need proof? A quick scan of the industry headlines inevitably
produces a lengthy list of international SQL Injection victims.

Join Amichai Shulman, CTO of
Imperva and Director of the Application Defense Center (ADC), as he pulls
back the covers on the next generation of SQL Injection attacks and
provides directions on how you can protect your organisation against
these increasingly sophisticated and dangerous threats. Mr Shulman will
highlight how hackers are launching non-customized attack code via
“botnets” and Google searches to distribute malware with lightning-fast
speed and precision efficiency. This educational webinar will also
feature live demonstrations of several different types of SQL Injection
attacks. Specific topics that will be covered during the webinar include:

SQL Injection Cocktails
Mass SQL Injection Attacks and Google Hacking
SQL Injection Automation Tools
SQL Injection DoS Attacks
Lateral SQL Injection and other Database-Related SQL Injection Attacks

The SQL Injection and Signature Evasion: Protecting Web Sites Against SQL Injection

SQL injection is one of the most
common attack strategies employed by attackers to steal identity and
other sensitive information from Web sites. By inserting unauthorised
database commands into a vulnerable Web site, an attacker may gain
unrestricted access to the entire contents of a backend database.
This paper provides a detailed description of the SQL attack process by
taking the reader through a hypothetical attack on a healthcare Web site.
The paper then demonstrates a range of SQL injection evasion techniques
that are commonly employed to circumvent traditional signature-based protections
provided by network firewalls and intrusion prevention systems. The paper
concludes that reliance upon signature protections alone to defeat SQL
injection is not practical.
