27-08-07

SQL injection: after Leuven and the UN, are you next?

As the number of hacked Belgian sites (http://be-hacked.skynetblogs.be) continues to grow weekly, and the news of the hacked Leuven.be site was in some papers, it is maybe time to wake up and do some testing yourself if you haven't already. Do not believe that there is only one test and only one kind of SQL injection. SQL injection is a changing attack and new techniques are being developed. In the best case you are only scanned by script kiddies who have downloaded some tools from the internet, so you must be sure that you are covered against these (that is a minimum). In the worst case you are the victim of a targeted attack: someone has taken a big Coke, some CDs and a huge pizza and has taken it upon himself to get you tonight, whatever the reason. As SQL injection is done manually, he will take the time to find whatever mistake exists somewhere in your database to get you.

If you are really professionally on the web, you should contract with a firm that checks your site, on at least a monthly basis, against all the old and new vulnerabilities, exploits and attack techniques.

Meanwhile, you can start for free with these tools:

http://www.sqlpowerinjector.com/

and 100 articles and tools collected here:

http://www.furl.net/members/mailforlen?enc=UTF-8&sear...

23:52 Posted by technology changes fast not a lot in General
