ZDNet Resources
- Sony PlayStation's site SQL injected, redirecting to rogue security software
- The latest highly trafficked web site to fall victim to the continuing waves of massive SQL injection attacks, courtesy of copycats and the ASProx botnet, is Sony's PlayStation U.S. site, according to a recent post at SophosLabs's blog: "Researchers at IT security firm Sophos have warned lovers of...
- Tags: Sony Corp., Domain, SQL, Sony Playstation, SQL Injection, Hacker, Programming Languages, Game Players, Databases, Security, Software Development, Software/Web Development, Consumer Electronics, Personal Technology, Enterprise Software, Software, Data Management, Dancho Danchev
- Blog posts 2008-07-02
- Microsoft ships free code auditing tools to thwart SQL injection attacks
- SQLs failure: SQL's #1 failure is its ailing concept that a single string is a sufficient API. Its stronger APIs are left in disuse by those who advocate this policy. Injection follows. I've never heard of a perl script falling...
- Tags: Programming languages, Databases, Scripting languages, Scrawlr, auditing, Microsoft Corp., SQL, SQL injection
- Discussion threads 2008-06-24
- Microsoft ships free code auditing tools to thwart SQL injection attacks
- On the heels of a dramatic rise in SQL injection attacks linked to drive-by malware downloads, Microsoft has released aimed at helping Webmasters and IT administrators block and eradicate this attack class. According to a security advisory from the Redmond, Wash. software giant, the tools are...
- Tags: Vulnerability, Auditing, SQL, Microsoft Corp., SQL Injection, Tool, Scrawlr, Programming Languages, Security, Databases, Software Development, Software/Web Development, Enterprise Software, Software, Data Management, Ryan Naraine
- Blog posts 2008-06-24
- Michael Howard on SQL Injection and my concerns on the most recent attacks
- votes are off: 8 votes right now: No for 1st is 100% & Yes is 13%, same for 2nd, exception Yes & No percentages are switched. Poll bug? | now they're good: At 9 votes, they show up correctly | Weird: Strange... wonder what happened. -Nate
- Tags: SECURITY, Michael Howard, SQL injection, SQL
- Discussion threads 2008-05-29
- Michael Howard on SQL Injection and my concerns on the most recent attacks
- So, in catching up with blogs after vacation, I went and had a peek at Michael Howard's web log, and was glad to see another post from him. His posts are very insightful; I just wish he would post more. So, way back on May 16th (old news now, but still...
- Tags: Web, SQL, SQL Injection, Attack, Michael Howard, SQL Payload, SDL, Programming Languages, Databases, Security, Software Development, Software/Web Development, Enterprise Software, Software, Data Management, Nathan McFeters
- Blog posts 2008-05-29
- Tracking down the Storm Worm malware
- What is the current state of Storm Worm activity, how many infected IPs are found to host the malware on a daily basis, which are the latest domains used by the Storm Worm, and which countries have the largest infected population? You can easily find that out, if you keep...
- Tags: Malware, SQL, SQL Injection, TrustedSource, Spyware, Adware & Malware, Cyberthreats, Security, Programming Languages, Software Development, Software/Web Development, Dancho Danchev
- Blog posts 2008-05-26
- Over 1.5 million pages affected by the recent SQL injection attacks
- So... Was this the programmers' fault? That's the tale that was trotted out with the previous 0.5 million SQL-injected sites story.
- Tags: Programming languages, SECURITY, SQL, SQL injection
- Discussion threads 2008-05-20
- Over 1.5 million pages affected by the recent SQL injection attacks
- In an attempt to mitigate the impact of the recent waves of SQL injection attacks, and provide more transparency into the approximate number of affected pages, the Shadowserver Foundation is starting to maintain a list of all the malicious domains used in the continuing efforts by copycats to inject as...
- Tags: Domain, SQL, SQL Injection, Shadowserver, Security, Dancho Danchev
- Blog posts 2008-05-20
- The Storm Worm would love to infect you
- The Storm Worm malware is back in the game, with its most recent campaign currently active and trying to entice users into executing iloveyou.exe by spamming them with links to already infected hosts acting as web servers, next to SQL injecting malicious domains into legitimate sites for the campaign to...
- Tags: JavaScript, SQL, Worm, SQL Injection, Host, Storm Worm, Storm Worm Malware, Scanners, Cyberthreats, Scripting Languages, Programming Languages, Security, Databases, Viruses And Worms, Hardware, Peripherals, Software/Web Development, Web Development, Software Development, Enterprise Software, Software, Data Management, Dancho Danchev
- Blog posts 2008-05-19
- Fast-Fluxing SQL injection attacks executed from the Asprox botnet
- Exfiltration? Dancho, are you seeing any exfiltration of data through these mass SQL Injection attacks? I have a few clients who have been hit as well. -Nate
- Tags: Tools & Techniques, SECURITY, Fast-Fluxing SQL injection attack, Asprox, software
- Discussion threads 2008-05-19
- Fast-Fluxing SQL injection attacks executed from the Asprox botnet
- The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign. I first assessed the Asprox botnet in January, and again in April when it started scaling...
- Tags: Microsoft .NET, Domain, SQL, SQL Injection, Asprox, Com, Programming Languages, Phishing, Databases, Security, Software Development, Software/Web Development, Spam And Phishing, Enterprise Software, Software, Data Management, Dancho Danchev
- Blog posts 2008-05-19
- Redmond Magazine Successfully SQL Injected by Chinese Hacktivists
- Irony at its best. It appears that Redmond - The Independent Voice of the Microsoft IT Community, formerly known as Microsoft Certified Professional Magazine, is currently flagged as a badware site, and third-party exploit detection tools are also detecting internal pages as exploit hosting ones, in this particular case Mal/Badsrc-A....
- Tags: Redmond, SQL, SQL Injection, F**k, Mal/Badsrc-A, Programming Languages, Databases, Security, Software Development, Software/Web Development, Enterprise Software, Software, Data Management, Dancho Danchev
- Blog posts 2008-05-16
- News to know: Psystar; IT Dojo; Microsoft moral; SQL Injection attacks; Ubuntu
- Notable headlines: David Morgenstern: Is Psystar Mac clone using the Kalyway boot hack? IT Dojo: Create your own bootable USB flash drive for Windows XP Mary Jo Foley: Microsoft internal memo details Windows 7-Windows Live ties Another reason...
- Tags: Ubuntu, Google Inc., Larry Dignan, Information Technology, Microsoft Office, Yahoo! Inc., SQL, Microsoft Corp., SQL Injection, Microsoft Windows, Microsoft Windows XP, Operating Systems, Strategy, Software, Management
- Blog posts 2008-04-29
- Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers
- Ah yes, the technology me-too's making the most basic of errors. On a less dangerous level, if you look at the HTML & CSS source of web sites, the most appallingly written ones are most often on IIS. This is...
- Tags: SECURITY, Microsoft IIS Server, SQL injection, HTML, CSS, SQL, Microsoft Corp., server
- Discussion threads 2008-04-28
- Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers
- There's been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft's IIS Internet Information Server, but has since been pointed out as simply a well thought out SQL Injection attack. For those of...
- Tags: Developer, Password, Web Application, Server, SQL, Site, SQL Injection, Microsoft IIS Server, Attack, Programming Languages, Security, Databases, Software Development, Software/Web Development, Enterprise Software, Software, Data Management, Nathan McFeters
- Blog posts 2008-04-28
- Blackhat Europe, Day 1: The Waag, the Bulldog, and web application hacking
- Considering my previous posts on my experiences at Black Hat Federal received pretty good reviews, I thought it would make sense to again highlight a Black Hat trip. This time it was all the way out to Amsterdam, where Rob Carter and I will be speaking about URI Use...
- Tags: Black Hat, Web Application, SQL, Training, SQL Injection, Tool, Nate, Productivity, Hacking, Workforce Management, Security, Human Resources, Nathan McFeters
- Blog posts 2008-03-25
- Eliminate SQL Injection Attacks Painlessly With LINQ
- As developers assume more of the security burden, the first web application vulnerability that many developers learn about is a particularly dangerous form of command injection known as SQL injection. Because it's so well-known, SQL injection attacks are common, dangerous, and pervasive. Fortunately, developers can prevent SQL injection easily once...
- Tags: Developer, SQL, SQL Injection, LINQ, Programming Languages, Security, Databases, Software Development, Software/Web Development, Enterprise Software, Software, Data Management
- White papers 2007-05-24
- Use the revised OWASP Top Ten to secure your Web applications -- Part 3
- Injection flaws, specifically SQL injection vulnerabilities, can present the greatest business risk in a Web application environment. In this, the third in a series on the revised OWASP Top Ten Web Application Vulnerabilities, Tom Olzak explains the nature of injection flaws and SQL injection attacks and then makes recommendations for...
- Tags: Web Application, SQL Injection, Security
- Download resources 2007-03-23
- Application Layer Intrusion Detection for SQL Injection
- SQL injection attacks potentially affect all applications, especially web applications, that utilize a database backend. While these attacks are generally against the applications and not the database directly, there are some techniques that can be deployed to mitigate the risk at the database server. Database intrusion detection systems are often...
- Tags: Intrusion Detection, SQL, SQL Injection, Database Intrusion Detection System, Storage, Databases, Hardware, Enterprise Software, Software, Data Management
- White papers 2006-03-12
- Fend off the next SQL Injection attack with a properly secured database
- As long as Web applications are used to provide access to data, SQL Injection will continue to be a threat. SQL Injection is typically used to accomplish one of four objectives: bypass authentication, glean information, inject new or alter existing data, perform a denial of service attack, or gain access...
- Tags: SQL, SQL Injection, Programming Languages, Databases, Security, Software Development, Software/Web Development, Enterprise Software, Software, Data Management
- Download resources 2005-06-27