You are viewing 'SQL Injection'

AppSec Europe 2017

Hands-On Web Exploitation with Python

Michael Born

March 30, 2017 - Posted by Michael Born to Security Insight

Back in 2015, a colleague and friend asked if I would be interested in teaching a training class with him at OWASP AppSec USA. After carefully considering, I agreed. It’s a good thing, because he had already submitted the class to the call for trainings before asking me.

Fast forward a bit and we’re now gearing up to teach our third version of the class. What started out as a one-day training session has turned into a three-day course. Based on the feedback we have received over the previous years, my colleague and I have tweaked the class in an attempt to provide a class for all levels of programmers, from beginners who may be new to Python to veteran programmers.

Much like our first class, I have taken the time to develop a new vulnerable virtual machine for the test lab. This time around, I applied several lessons I learned along the way. The primary change to the virtual machine is that I made it quite a bit more simplistic. I did this because I... read more >

Hacks Targeting Voter Rolls

Hack the vote blog series: part 2

Chris Camejo

October 25, 2016 - Posted by Chris Camejo to Security Insight

Voter Rolls Hacking

At first glance, the hacks targeting voter registration databases are a bit confusing: the voter rolls are considered a public record in many states, often obtainable by paying a fee of a few hundred dollars. Websites can and have legally republished this data. Records are also available to political campaigns, even in states where the records are not otherwise publicly available, and these lists can be bought online. It raises the question: why hack into a database that can be had just by politely asking for it?

So far the conversation around the voter database hacks has focused on the confidentiality of these records, as if the exposure of this data presents some sort of increased risk. Illinois, a... read more >

The Uncanny Exploit Kit Cycle

7 Stages of Advanced Malware Threats

Robert Clauff

January 22, 2015 - Posted by Robert Clauff to Security Insight

Unless you have been living under a rock the last few years, I am sure you are aware of the rise of security breaches and the compromise of Fortune 500 companies.

This has a lot to do with the increasingly complex and advanced malware that is introduced into the wild, as well as those targeted towards specific companies and environments.

The days of simple viruses and malware are a thing of the past, similar to the days of $2.99 comic books. In case you were not aware, I am kind of a comic book nerd, but not just that, I am really passionate about good storytelling. While analyzing some advanced malware activity, I noticed a large similarity between the malware and the stories of which I am a fan. They both are very detailed and have complex patterns and paths.

Newly advanced malware... read more >

Protecting your Website from SQL Injection Attacks

Why Your Website May be Hacked Once Google Indexes It

Jacob Faires

November 18, 2014 - Posted by Jacob Faires to Security Insight

SQL Injection

An SQL injection (SQLi) vulnerability on a website is a big fear for a web developer, a bigger fear for a business and one of the biggest fears for anyone involved with finance or point-of-sale (POS).

The attack methodology usually follows these lines:

  1. Identify SQL input locations.
  2. Determine capability of injection.
  3. Use SQLi to exfiltrate data/install backdoor.

How do attackers identify vulnerable targets?

Tools with SQL scanning capabilities, like Burp Suite, Havij and Acunetix, are able to discover vulnerabilities in websites, but they are not the most common way to... read more >

Hackers Amass 4.5 Billion Account Records

Russian Cybercrime Gang

Jon-Louis Heimerl

August 06, 2014 - Posted by Jon-Louis Heimerl to Threat Intelligence

Password Breach

Russian hackers, over a period of several years, have bought or compromised websites to amass 4.5 billion account records (usernames, passwords and email addresses), according to a recent report released from Hold Security. This is a total of about 1.2 billion unique entries. When you consider that there are something on the order of 3 billion total Internet users in the world, that means as many as 40% of all world-wide Internet users are directly affected by this compromise.

From available information, it appears that the Russian hackers bought or traded for site and account information, then built a prolonged process to locate and compromise websites that they could include in their botnet. Part of their process was to compromise website databases and steal any account credentials they could... read more >


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
