Cyber security news for all


    SQL injection is one of the simplest attack vectors on company data

    Relational database management systems such as Microsoft SQL Server are among the most popular on the market. Since they are considered very reliable and avoid inconsistencies in the data records, they have been an established standard for databases in most companies for decades.

    The database language SQL (Structured Query Language) is usually used to query and edit the data. For example, users communicate with a server through a product search form in a web shop; the server in turn queries a database and feeds the results back to the web shop as a search result.

    Microsoft SQL Is Very Simple To Attack

    One reason why SQL injection is so popular with hackers could be that it is a very simple attack. An eleven-year-old child was able to hack and manipulate a copy of the website for the presentation of the election results in the US in just ten minutes. On the other hand, defense measures are as simple as they are effective.

    Hackers Inject Arbitrary SQL Code Into The Database

    Regardless of the type of SQL injection involved, the attacker injects arbitrary SQL code into the database query of a web application. This can happen in several ways. The simplest form of attack is through user input. Web applications usually accept input through a form. The front end then forwards the input to the database in the back end for processing. If the web application does not sanitize the input, it is possible to delete, copy or change database contents using injected SQL.

    Attackers can also change cookies so that they taint the query of the web application. Cookies store information about the client state on the local hard drive. As a rule, web applications load cookies to process this information. A malicious user or malware can modify them to inject SQL commands into the back-end database. The same is possible using server variables such as HTTP headers. Forged headers that contain arbitrary SQL can inject this code into the database if the web application does not sanitize this input either.
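
    The following added example (not from the original article) shows why form fields, cookies and headers are all equally dangerous when pasted into a query, and how parameter binding removes the problem. It uses Python's built-in sqlite3 as a stand-in for a back-end database; the table, handler, cookie and header names are constructed for illustration.

```python
import sqlite3

# Constructed sample input of the kind described above: a quote ends the string early.
CRAFTED = "x' OR '1'='1"

def make_db():
    """Constructed sample data: a small web-shop catalogue with one unpublished row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, published INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        ("red mug", 7.5, 1), ("blue mug", 8.0, 1), ("unreleased mug", 99.0, 0)])
    return db

def search_vulnerable(db, term):
    # Input is concatenated into the SQL text, so quotes in it rewrite the query.
    sql = "SELECT name FROM products WHERE published = 1 AND name = '" + term + "'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # Placeholder binding: the value travels separately and is never parsed as SQL.
    sql = "SELECT name FROM products WHERE published = 1 AND name = ?"
    return [row[0] for row in db.execute(sql, (term,))]

def handle_request(db, search, form=None, cookies=None, headers=None):
    """Hypothetical handler: every client-controlled source reaches the database."""
    results = {}
    for source, values in (("form", form), ("cookie", cookies), ("header", headers)):
        for key, value in (values or {}).items():
            results[f"{source}:{key}"] = search(db, value)
    return results

if __name__ == "__main__":
    db = make_db()
    request = dict(form={"q": "red mug"},
                   cookies={"last_search": CRAFTED},   # constructed cookie name
                   headers={"X-Search-Hint": CRAFTED})  # constructed header name
    for search in (search_vulnerable, search_parameterized):
        print(search.__name__, handle_request(db, search, **request))
```

    With the concatenating version, the crafted cookie and header values return every row, including the unpublished one; with bound parameters the same values are treated as a product name that matches nothing.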
