• format: doc, txt, video
  • size: 51.02 MB
  • added: 12 October 2016
Bright Peter. How security flaws work: SQL injection
Arstechnica.com, 2016. — 9 p.
A plain explanation of what an SQL injection is (a network attack on a web application carried out with specially crafted SQL expressions) and of how to defend against this type of attack. The piece is accompanied by a video in English.
This easily avoidable mistake continues to put our finances at risk.
A demonstration of SQL injection in action.
Thirty-one-year-old Lauri Love is currently staring down the possibility of 99 years in prison. Love was recently told he'll face extradition to the US, where he stands accused of attacking systems belonging to the US government. The attack was allegedly part of the #OpLastResort hack in 2013, which targeted the US Army, the US Federal Reserve, the FBI, NASA, and the Missile Defense Agency in retaliation for the suicide of Aaron Swartz, who died while awaiting trial.
Love is accused of participating in the #OpLastResort initiative through SQL injection attacks, an increasingly common tactic. SQL injections have recently been detected against state electoral boards, and these attacks are regularly implicated in thefts of financial info. Today, they've become a significant and recurring problem.
SQL injection attacks sit at the opposite end of the complexity spectrum from buffer overflows, the subject of our last in-depth security analysis. Rather than manipulating the low-level details of how processors call functions, SQL injection attacks are generally used against applications written in high-level languages like PHP and Java, and against the database libraries those applications use. Where buffer overflows require all sorts of knowledge about processors and assemblers, SQL injection requires nothing more than fiddling with a URL.
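To make the "fiddling with a URL" point concrete, here is an added example that is not code from the article: a lookup that pastes a URL parameter straight into its SQL text, beside the parameterized version that the defences the article goes on to describe amount to. The endpoint (`/user?id=`), the `users` table and its two rows are constructed for the demonstration, and the database is an in-memory SQLite instance from Python's standard library.

```python
import sqlite3
from urllib.parse import parse_qs, urlparse


def make_db():
    """Constructed sample data for the demo: two users with card numbers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users (name, card) VALUES (?, ?)",
        [("alice", "4111-1111-1111-1111"), ("bob", "5500-0000-0000-0004")],
    )
    return conn


def user_id_from_url(url):
    """Hypothetical endpoint /user?id=<value>; the attacker controls <value>.

    parse_qs percent-decodes, so '1%20OR%201%3D1' arrives as '1 OR 1=1'.
    """
    return parse_qs(urlparse(url).query).get("id", [""])[0]


def lookup_vulnerable(conn, url):
    """The bug: the parameter becomes part of the SQL text, so it can change
    the shape of the query, not just the value being compared."""
    uid = user_id_from_url(url)
    sql = "SELECT name, card FROM users WHERE id = " + uid
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, url):
    """The fix: the SQL text is fixed and the value is bound separately, so
    whatever the URL contains is only ever compared against the id column."""
    uid = user_id_from_url(url)
    return conn.execute("SELECT name, card FROM users WHERE id = ?", (uid,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    benign = "https://example.test/user?id=1"
    hostile = "https://example.test/user?id=1%20OR%201%3D1"  # id = 1 OR 1=1
    print(lookup_vulnerable(conn, benign))        # alice only
    print(lookup_vulnerable(conn, hostile))       # every row: the WHERE clause is now always true
    print(lookup_parameterized(conn, hostile))    # nothing: no id equals the string '1 OR 1=1'
```

The vulnerable query returns both card numbers for the hostile URL because `WHERE id = 1 OR 1=1` is true for every row; the parameterized query returns nothing for the same URL because the whole string is bound as one value and compared against `id`. Note that the hardened version still accepts the benign URL, since SQLite converts the bound text `'1'` to an integer when comparing it with an INTEGER column.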