Anatomy of a Hack: A Case Study

Avoiding hacks is perhaps the most essential responsibility for security organizations, which can learn some valuable lessons from this analysis of a real-life hack.

By Aaron Weiss | December 19, 2012

In a perfect world, we would all learn about preventing hack attacks before they happen. But sometimes the hack happens first and the lessons come second. This is the tale we are talking about today – based, in true Hollywood tradition, on a true story.

How to Prevent SQL Injection Attacks

Your company's web site does not have to be the next victim of a SQL injection breach. Here's how to protect against attack.

By Aaron Weiss | August 16, 2012

What do Sony Pictures, PBS, Microsoft, Yahoo, LinkedIn, and the CIA have in common? These organizations and their web sites have all been successfully breached using what has become the weapon of choice for hackers: SQL injection.

SQL, or the Structured Query Language, is the command-and-control language for relational databases such as Microsoft SQL Server, Oracle, and MySQL. In modern web development, these databases are often used on the back end of web applications and content management systems – meaning that both the content and behavior of many web sites are built on data in a database server.

URL Encoding and Manipulation

Description

Within technical literature, URL encoding, UTF encoding, escape-encoding, percent-encoding, and Web encoding are used interchangeably. To obtain a better understanding of malicious attacks such as XSS or SQL injection attacks, you need to gain an insight into URL encoding techniques.

Buffer-overflow attacks: How do they work?

Brien M. Posey, Contributing Writer | Published: 31 Jan 2005

Buffer overflows are a favorite exploit for hackers. The vast majority of Microsoft's available patches fix unchecked buffer problems -- but what about applications developed in-house? They are just as susceptible as commercial applications to buffer-overflow attack. It is therefore critical that you understand how they work and perform vulnerability testing on your home-grown applications prior to deployment.
