Nytro

Practical Identification of SQL Injection Vulnerabilities

Practical Identification of SQL Injection Vulnerabilities

An article from the people at CERT-US.

by Chad Dougherty

Background and Motivation

The class of vulnerabilities known as SQL injection continues to present an extremely high risk in the current network threat landscape. In 2011, SQL injection was ranked first on the MITRE Common Weakness Enumeration (CWE)/SANS Top 25 Most Dangerous Software Errors list. Exploitation of these vulnerabilities has been implicated in many recent high-profile intrusions. Although there is an abundance of good literature in the community about how to prevent SQL injection vulnerabilities, much of this documentation is geared toward web application developers. This advice is of limited benefit to IT administrators who are merely responsible for the operation of targeted web applications. In this document, we will provide concrete guidance about using open source tools and techniques to independently identify common SQL injection vulnerabilities, mimicking the approaches of attackers at large. We highlight testing tools and illustrate the critical results of testing.

Download:

http://www.us-cert.gov/reading_room/Practical-SQLi-Identification.pdf
