DDoS and SQL Injections

by Leonardo S
The article I chose for this week is titled “Hackers Trade Tips On DDoS, SQL Injection” by Mathew J. Schwartz. The main focus of the article is on the activity of certain underground hacker forums. The data security firm Imperva monitored 18 forums and released a report saying that the two hottest topics were DDoS attacks and SQL injection attacks. A distributed denial of service attack involves flooding a network with fake packets in order to make it inaccessible. The other attack, an SQL injection, involves a hacker sending their own commands into a database. If the database doesn’t have the right security, the hacker can easily use commands to access the information stored in it. Imperva also announced that SQL injection attacks are the most used type of attack against websites. This announcement was backed by the fact that many security experts believe that SQL injection attacks are what caused the breach in South Carolina state databases in which thousands of credit card and social security numbers were taken.

 

Now that we will begin talking about SQL, I think it’s important to know that it is being used in a criminal sense. By using the same methods to retrieve and insert data in a legit business environment, a hacker could instead get important information that he otherwise should not have access to. While we learn about SQL I hope that we will also learn how to better prepare for SQL injections.

 

This article stood out to me because it shows that there are most likely people who are congregating on internet forums to try and learn how to use hacking techniques including SQL injection. This makes data security even more important for virtually every business out there. Hopefully the damage control for the South Carolina state attack goes smoothly and other database admins see it as a reason to bump up security for their own systems.

 

Mathew J. Schwartz. (2012). Hackers Trade Tips On DDoS, SQL Injection. Available: http://www.informationweek.com/security/attacks/hackers-trade-tips-on-ddos-sql-injection/240012531?queryText=database . Last accessed November 4, 2012.

3 thoughts on “DDoS and SQL Injections”

  • November 4, 2012 at 11:06 pm

    It comes as no surprise to me that the most common attacks are DDoS and SQL injections. These two are probably the easiest methods to perform. But then the people who put in place the security in databases are also to blame, since apparently the security of the database isn’t as secure as it should be.

  • November 4, 2012 at 11:57 pm

    Both DDoS and SQL injections are devastating against Web applications. I believe that most SQL injection attacks can be neutralized by sanitizing incoming queries and using RBAC (granting appropriate privileges).

  • November 5, 2012 at 12:13 am

    For corporate businesses, it’s important to be aware of the types of security breaches. More often than not, hackers disrupt the integrity by either denying business services to the public or stealing information from the company’s database. It seems now that it’s never safe to trust any company with your information unless they have the best security practitioners.
