viernes, 7 de octubre de 2011
Report: An Anatomy of a SQL Injection Attack (Imperva)
This month's report from Imperva's Hacker Intelligence Initiative (HII) focuses on the rise in SQL Injection (SQLi) attacks on the Web. Dominating headlines for the past year, SQLi has become a widely-known, even outside the circle of security professionals. And for good reason: SQL injection is probably the most expensive and costly attack since it is mainly used to steal data.
Famous breaches, including Sony, Nokia, Heartland Payment Systems and even Lady Gaga's Web sites were compromised by hackers who used SQL injection to break-in to the application's backend database.
LulzSec, the notorious hacktivist group, made SQLi a key part of their arsenal. This report details how prevalent SQL injection attacks have become, how attacks are executed and how hackers are innovating SQLi attacks to bypass security controls as well as increase potency.