Articles Tagged ‘Protection’

E-mail Security White Papers

The articles to follow deal with one of the most discussed topics around the world, e-mail security. GFI.COM was kind enough to allow Firewall.cx visitors to gain access to their excellent White Page database covering hot e-mail security topics.

Security Articles

The following articles deal with one of the hottest topics around: Network, Web and IDS (Intrusion Detection System) Security.

The articles have been carefully selected to ensure they provide acurate and upto date information to our readers, while some have been written by our team, in response to our visitors request!

Understanding SQL Injection Attacks & How They Work. Identify SQL Injection Code & PHP Caveats

Introduction-to-SQL-Injection-01SQL Injections have been keeping security experts busy for over a decade now as they continue to be one of the most common type of attacks against webservers, websites and web application servers. In this article, we explain what a SQL injection is, show you SQL injection examples and analyse how these type of attacks manage to exploit web applications and webservers, providing hackers access to sensitive data.

Additional interesting Web Hacking and Web Security content:

What is a SQL Injection?

Websites operate typically with two sides to them: the frontend and backendThe frontend is the element we see, the rendered HTML, images, and so forth.  On the backend however, there are layers upon layers of systems rendering the elements for the frontend. One such layer, the database, most commonly uses a database language called SQL, or Structured Query Language. This standardized language provides a logical, human-readable sentence to perform definition, manipulation, or control instructions on relational data in tabular form. The problem, however, is while this provides a structure for human readability, it also opens up a major problem for security.

Typically, when data is provided from the frontend to the backend of a website – e.g. an HTML form with username and password fields – this data is inserted into the sentence of a SQL query. This is because rather than assign that data to some object or via a set() function, the data has to be concatenated into the middle of a string. As if you were printing out a concatenated string of debug text and a variable’s value, SQL queries work in much the same way. The problem, however, is because the database server, such as MySQL or PostgreSQL, must be able to lexically analyse and understand the sentence’s grammar and parse variable=value definitions. There must exist certain specific requirements, such as wrapping string values in quotes. A SQL injection vulnerability, therefore, is where unsanitized frontend data, such as quotation marks, can disrupt the intended sentence of a SQL query.

How Does a SQL Injection Work?

Articles To Read Next:

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup