SQL Injection Junkie

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. (Wikipedia)

(continue)


Should I Trust You?

I think that everyone has heard of the recent “hacking series” against major antivirus companies. After the recent SQL injections in Kaspersky, BitDefender (here and here) and F-Secure, the regular user might wonder which company they should still trust.

(continue)


Intercepting Proxies?

People tend to overdo things… And somewhere (not sure where) I’ve read an article (or better call it a tutorial) where, for simple modifications of parameter/header values, the author suggested an intercepting proxy like WebScarab, BurpProxy, ParosProxy, ProxyStrike, etc. Yes, they’re up to the job, but aren’t there some simpler solutions? Yes there are, and those solutions will be presented in the following lines…

(continue)


Access Log Analysis

A while ago I wrote an article entitled Logging the HTTP requests! where I mentioned why you should implement a logging system (especially when you haven’t got access to the access log, as in a shared hosting environment) and how to implement a simple (or not so simple) logging system. Today we will go a step further.

(continue)


DVL 1.5 (Infectious Disease)

Today DamnVulnerableLinux version 1.5 was released, a Linux distribution that offers a learning environment directly out of the box.

(continue)