SQL injection examined 2/2 – Testing your apps against vulnerabilities
Ferenc Barta

In the previous part of the article, we looked at some incidents to better understand how attackers try to find SQL injection vulnerabilities. Instead of looking for other incidents, I’ve decided to write a short introduction to testing your own application using publicly available automatic tools. Constantly searching for vulnerabilities in your web applications and services is vital. Most of the time, such systems are exposed to the Internet, and it is certain that sooner or later someone will try to exploit their vulnerabilities. Environment We’ll use a popular too...
The most common CMS attack types
Daniel Mecsei

Nowadays, the Internet plays a huge part in our lives. It gets bigger every day and now has more than one billion websites. Most of these sites are built with a CMS, which stands for Content Management System. It is a tool that gives users without any programming skills an easy way to create websites. The most common CMSs are written in PHP because most shared-hosting providers only provide this way to share/operate your website with the community. According to the statistics, WordPress has the largest market share with 52%, followed by Joomla with only 6%. The...
Remote Script Injection caught by BitNinja
Nikoletta Szabo

Let’s look at real-life evidence from the BitNinja logs of how we detect and block script injection. The hackers always think they can fool the software, but the malicious scripts and packages are constantly dropped by Ninja Security. Being a machine-learning system, BitNinja collects the attack information and spreads it to other protected servers, so they will be shielded from the attack. What does this code mean? This time, the hacker wrote some nice code, which is encoded with base64, but even looking at this suspicious string you are able to see that there is something wro...
SQL Injection examined 1/2
Ferenc Barta

Relational database, SQL, SELECT SQL is a language designed for the manipulation of relational databases and for the retrieval of information from that database. A relation most commonly looks like a chart, which can be, for example, an article.   ARTICLES ID Title Text 1 DoS abc1  2    DDoS abc2...