1,300 Ways to Skin a CAT5

by James C
Summary:

It is reported that Web applications are attacked by SQL injection an average of 71 times per hour. This is no comparison to the 1,300 attacks that some sites experience during peak attacks. Imperva, a security vendor, conducted research on 30 different Web applications spanning different industries and sizes. It concluded that 83% of all hacker-related intrusions stemmed from SQL injections. To make the intrusion simpler, the attackers used automated penetration tools, such as Sqlmap, LulzSec and Havij, to name a few. The article states 8 safeguards for stopping SQL injection attacks.

  1. Blacklist malicious hosts.
  2. Pool resources.
  3. Minimize access.
  4. Encrypt data.
  5. Distrust users.
  6. Profile applications.
  7. Normalize inputs.
  8. Watch for automation.
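To make safeguards 5 and 7 (distrust users, normalize inputs) concrete, here is an added example that is not from the article or the summary above: the same user lookup written first with string concatenation and then with a bound parameter, run against a constructed in-memory SQLite table so the difference in behaviour can be observed directly.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny users table standing in for a web app's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: the untrusted value is pasted straight into the SQL text,
    # so quote characters in the input become part of the query's syntax.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Hardened: the value travels as a bound parameter. The database treats it
    # purely as data, whatever characters it contains.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups with an ordinary name and with a quote-bearing input."""
    conn = make_db()
    normal = "bob"
    hostile = "x' OR '1'='1"  # constructed input; turns the unsafe WHERE clause always-true
    return {
        "unsafe_normal": lookup_unsafe(conn, normal),
        "unsafe_hostile": lookup_unsafe(conn, hostile),  # returns every row
        "safe_normal": lookup_safe(conn, normal),
        "safe_hostile": lookup_safe(conn, hostile),  # returns nothing: no such user
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:15s} -> {rows}")
```

The unsafe version leaks the whole table for the quote-bearing input, while the parameterized version simply finds no matching user; this is the single line of code the reflections below refer to.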

Reflections:

Despite all the security precautions and virus, malware and adware protection programs, this article still shows that attackers always find ways to exploit the vulnerabilities of a Web application. As cumbersome as the process of deterring attacks is, equally so is the process of finding them. It was odd to me to find that there were openly accessible programs that would automate the process of attack. This, on the other hand, can be a great way of finding all the holes in the programming of the application.

This was a great article to read because up until this point I had yet to understand the effects and severity of this type of attack. Also, that something as simple as a single line of code could create such attention.

Citations:

Schwartz, M. J. (2011). 8 techniques to block SQL attacks. InformationWeek – Online, (19383371), n/a. Retrieved from http://search.proquest.com/docview/892938450?accountid=10357