Projects: Security - Baseline
Home arrow Projects: Security arrow Is Your Web Site at Risk of Injection?















Renew Your Subscription

Projects: Security



Is Your Web Site at Risk of Injection?



By Regina Kwon
2002-11-01
Article Views: 3167
Article Rating:starstarstarstarstar / 0

Think your Web site is secure? Think again.

Rate This Article:
Poor Best
Add This Article To:
Robbing banks is dangerous and unpredictable, and it requires leaving the house. Hacking, on the other hand, has a high success rate, pays well (extortionists ask for--and get--an average of $160,000 per hack) and can be done in one's pajamas.

PDF Download

"The attacks work because the software most people use has vulnerabilities," says Alan Paller, Director of Research at the SANS Institute, a security watchdog. The first challenge, he says, is simply to find out what those vulnerabilities are. "It's like owning a car, and every week there are new defects. But no one tells you what they are. Instead, you're supposed to somehow divine them."

Sites that use scripts to create pages dynamically are particularly prone to attacks. Because the back-end applications of a dynamic site view the Web server as a "trusted source," seemingly innocent text fields can act as entry points for malicious requests. One such attack, SQL Injection, could lead to a site's entire back-end database being downloaded by a hacker, says Caleb Sima, chief technology officer and cofounder of security vendor SPI Dynamics. "The problem is extremely common," he says.

Sima has provided steps for testing your own Web site for SQL Injection and other vulnerabilities. Click here to get started.



 
 
>>> More Projects: Security Articles          >>> More By Regina Kwon
 



Sponsored Links
  • Get up and running in as quickly as 30 days with BI. Learn how today.

  • FREE Securing Smartphones & Tablets for Dummies Book from Sophos
  • 5 New Technologies That Will Change Enterprise ITAdvertisement
  • Build an IT Infrastructure That Delivers the Future
     
    		•
     
    FEATURED SPONSORED ARTICLES
    FEATURED SPONSORED VIDEOS

     

    Related Content

    Articles Labs/How-To Multimedia


    LATEST STORIES
    - Five Ways to Put Mobile Technology to Work
    - Ten iPhone Apps that Will Save You Money
    - Mobility Transforms the Customer Relationshi...
    - BPM Keeps Pace With Business Changes
    - Speech Recognition Speaks To Businesses


     

     

    Advertisement
    rss graphic
           Baseline Newsletters

    Baseline:  

    Issue Index | Contact Us | About | Magazine Customer Service | Navigation Guide

    Quick Links:  

    Project Planners | Enterprise Resource Planning | Network and Online Security | Data Analysis | Process Management | Storage Devices| Link to Us

    Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
    Tech RSS Feeds | White Papers | Tech Podcasts | Tech Video | VARs | System Builder

    Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
    eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
    Publish | Security IT Hub | Strategic Partner | TechDirect | Technology White Papers | Windows for Devices

    Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
    Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

    Use of this site is governed by our Terms of Use and Privacy Policy

    Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.