According to the Open Web Application Security Project (OWASP), injection attacks are first on the list of the top 10 web vulnerabilities. Among these, SQL injections are responsible for a big chunk. Exploitation of SQL injections is trivial. This vulnerability is not just web related but […]
Structured Query Language, also known as SQL, is basically a programming language that deals with databases. For beginners, databases are simply data stores that contain both client side and server side data. SQL manages databases through structured queries, relations, object oriented programming, etc. Programming geeks will have come across […]
This article gives you an overview of SQLMAP, an SQL injection tool used for detecting and exploiting SQLI.
What is SQLI?
SQL Injection is a web based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most […]
What is SQL Injection?
SQL Injection is a web based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application layer attacks used today. This attack takes advantage of improper coding of web applications, which allows hackers to exploit […]
This is an overview of SQLMAP, an SQL injection tool used for detecting and exploiting SQLI.
What is SQLI?
SQL Injection is a web based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application layer attacks used today. […]
Today we are talking about SQLmap, a SQL injection tool that is used for detection and exploitation of SQLI.
What is SQLmap?
SQLmap is a free and open source tool that is used to detect and exploit SQL injection flaws. It has very nifty features that automate the process of […]
During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaw discovery are restricted to the GET and POST variables as the only input vectors. What about […]
In this paper we will talk about a non-common vector of SQL injections.
Did you say a “Cookie”?
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to […]
In the second installment of this series, we discussed one of the most prevalent attacks to applications: SQL Injection. The previous discussion introduced the reader to a technical understanding of how SQL Injection attacks inflict the most exposure of sensitive data, and how these vulnerabilities are not unique to […]
In this article we will cover the results of an informal investigation I performed into phishing websites.
Rather than simply reviewing them externally as a potential phishing victim would, I performed an autopsy on the tools, techniques and methods used by these cybercriminals. I will review how to find phishing […]
If you’re reading this article then I’m reasonably sure that you have heard of a virus, otherwise referred to as a Trojan horse or worm, which can infect your system. Once infected, your system may possibly infect others as well, e.g., when you connect your infected system to a […]