Tips for SQL injection protection

Robert Westervelt, News Editor

Microsoft recently identified tools to help software developers, security pros and others on the software development team serve up more secure code and defend against SQL injection attacks. Over

Requires Free Membership to View

Login

E-mail Address:

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

the last several months researchers have been tracking the attacks, which appear to be automated, using a number of hacker toolkits that can be purchased on the black market. In this podcast, Scott Matsumoto, a secure coding expert with Cigital Inc. explains the tools available and other ways companies can scan their Web-based software for errors that leave it vulnerable to attack.

Tips for SQL injection protection:

Use the link above or the side panel media player to listen to the program.

Download MP3 | Subscribe to SearchSecurity.com audio downloads

Program Links:

Microsoft identifies tools to address SQL injection attacks: On the heels of a tidal wave of SQL injection attacks in recent months, Microsoft issued an advisory to identify tools that could help stave off the attacks.

How to apply ISO 27002 to PCI DSS compliance: The Payment Card Industry Data Security Standard may be fairly straightforward, but it's lacking in defining the processes that will ultimately lead to PCI DSS compliance.

Microsoft tools won't be quick fix for SQL injection attacks: Microsoft's security advisory will help raise awareness about secure software coding, but it won't stop the onslaught of SQL injection attacks, experts say.

New wave of SQL injection attacks alarm researchers: Researchers are uncovering a wave of SQL injection attacks, suggesting that attackers are finding it easy to compromise new targets.

SQL injection attack infects hundreds of thousands of websites: Security experts are watching massive numbers of automated SQL injection attacks from Chinese domains. Attackers use simple search engine queries to build a list of targets.

Information Security podcasts: Visit SearchSecurity's podcast archive.

Related Topics: Application Attacks (Buffer Overflows, Cross-Site Scripting), Malware, Viruses, Trojans and Spyware, VIEW ALL TOPICS

More News and Tutorials

Articles

Injection attacks -- Knowledge and prevention

Injection attacks -- Knowledge and prevention

SQL injection protection: A guide on how to prevent and stop attacks

Answers: Don't get blindsided by blind SQL injection attacks

New SQL injection attacks and defense

Threat Monitor podcast archives

Application threats: CSRF, injection attacks and cookie replay

Could managed security services cause data woes?

Is SQL injection really the guilty party in software application vulnerabilities?

Information security podcasts: 2008 archive

Related glossary terms

Terms for Whatis.com - the technology online dictionary

pharma hack

directory harvest attack (DHA)

mobile app security

application blacklisting

DOS (Disk Operating System)

jolt

SYN flooding

distributed denial-of-service attack (DDoS)

JavaScript hijacking

likebaiting

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Comment:

Back to top

Latest News

Lavabit, Silent Circle close secure email rather than spill the goods

Neohapsis: IPv4 plus IPv6 enables man-in-the-middle attacks

FortiGuard Labs sees fast rise of mobile malware in 2013

Radware's Ron Meyran discusses DoS attack tools, planning, execution

Black Hat 2013: Experts urge elliptical curve cryptography adoption

Search this site

More from Related TechTarget Sites

Cloud Security

Consumerization

Financial Security

SMB Security

Security AU

Security IN

Computer Weekly

Cloud Security

Storing data in the cloud: Addressing data location security issues

When storing data in the cloud, ignoring the physical location of cloud data is a major mistake. Learn how to prevent data location security issues.

An introduction to enterprise hybrid cloud security

A custom cloud infrastructure requires a special set of security controls. Get advice on how to implement hybrid cloud security the right way.

SOC 2 reports: The de facto cloud provider security standard

They're not perfect, but SOC 2 reports are becoming the baseline for cloud provider security assessments. Expert Dave Shackleford discusses.

Consumerization

Rich mobile platforms vs. mobile Web-based services

One big debate right now is whether employees should use local applications or mobile Web-based services. There are use cases for each kind of app.

NAC security becoming critical infrastructure component for BYOD

Organizations are warming up to NAC security products due to popularity of BYOD for robust device security and better systems integration.

Managing endpoints is about monitoring access, not device control

Managing endpoints in the BYOD era isn't easy, and you have to come at it with the right attitude. Focus more on access and less on device control.

searchFinancialSecurity

PayPal CISO: Laws must foster better cybersecurity information sharing

PayPal's Michael Barrett says many firms fear misuse of shared cybersecurity data. He also discusses the evolution of PCI DSS and mobile payment security.

Cybergang plans to use Trojan against U.S. banks

A cybergang in Eastern Europe revealed plans to attack U.S. banks with a Gozi-like Trojan, according to RSA.

Improved Shylock Trojan targets banking users

The latest variant of the banking Trojan is causing numerous problems, Symantec said.

searchMidmarketSecurity

Windows Phone 7 security: Assessing WP7 security features

Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.

Choosing the best security certifications for your career

Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.

Midmarket security tutorials

SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.

searchSecurityAU

Black Hat 2013: Experts urge elliptical curve cryptography adoption

A session by a team of crypto experts at Black Hat USA 2013 argued that RSA and Diffie-Hellman should be abandoned in favor of ECC.

New advanced persistent threat protection: Beyond perimeter defense

Firewalls and antivirus are ineffective in the face of APT attacks. Expert Nick Lewis offers suggestions for advanced persistent threat protection.

Cisco spends cool $2.7 billion in Sourcefire acquisition

In biggest security acquisition since 2011, Cisco has announced it will buy IDS maker Sourcefire for $2.7 billion.

Information Security

Indian banks step up security amid mobile banking acceleration

The Indian banking system is at the begining of a new era, driven by mobile technology, but the widening of access to banking services brings with it security risks

Web app attacks demand automated defences, study finds

Automation is the most effective way to tackle multiple prolonged cyber attacks on web applications, a study has confirmed

BlackBerry ready to enable India to track messages

BlackBerry is ready to provide Indian law enforcement authorities with a way to track emails, email attachments and chats sent over its services

Computer Weekly

ICO to investigate London bins that track smartphones

Information Commissioner's Office is making enquiries into bins in London that track passing smartphones to target advertising to owners

The battle for the cloud

Pure cloud providers have changed the game and traditional mega-suppliers must fight to keep up

Well-managed software for flexible and resilient IT

Managing software assets is vital for maintaining a flexible and up-to-date IT platform. We look at best practices for software asset management

All Rights Reserved,Copyright 2000 - 2013, TechTarget

About Us

Contact Us

Site Index

Privacy policy

Advertisers

Business partners

Events

Media kit

TechTarget Corporate site

Reprints

Archive
Site map

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

Tips for SQL injection protection

Requires Free Membership to View

More News and Tutorials

Articles

Related glossary terms

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

Latest News

More from Related TechTarget Sites