Malware Attacks Growing at Popular Websites - SQL Injections
ScanSafe found that SQL (Structured Query Language) injections were one of the main culprits compromising legitimate websites. Briefly, here is how SQL injections can compromise a website's security. Hackers add the SQL code into a Web form input box. Then, they can use these form input boxes to send their requests to the company's database. As a result, hackers are able to either download the website's whole database or communicate with it in other illegal ways.
SQL injection is so easy to carry out because website developers don't implement tougher security measures during database development. Instead, most user authentication is based on the user name and password. A SQL SELECT query takes those values and compares them to data in the database. If the values in the database match the user's login information, the user can access the website. If the values don't match, the user is denied access.
Additionally, hackers can easily use SQL injections thanks to the popularity of automated tools. These tools are widely available on the Internet. In fact, you can find many of them for free. According to Caleb Sima, the Chief Technology Officer of SPI Dynamics, because a black hat releases these tools, script kiddies can get them. Then, these script kiddies can point the malware at the website, and immediately download a database. The scary thing about this is that script kiddies don't need to have much experience. The automated tools do all of the dirty work for them. And they can wreak a lot of havoc on legitimate websites. Sima thinks that approximately 60% of web applications that consist of dynamic content are susceptible to SQL injection.
To prevent this potential exploit, it's crucial that security measures be strongly implemented at the development stage. Some of the measures you can take include restricting the number and types of characters that web input text boxes accept. Dynamic content and web form input boxes are not your only vulnerable points; other functions, such as shopping carts, are vulnerable as well.
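The login check and the input restrictions described above, as an added example that is not from the original article. It assumes a SQLite table named `users` with constructed sample data, and it goes one step beyond the article's advice by also binding the form values as query parameters.

```python
import re
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext comparison mirrors the login check described above;
    # a production system stores a salted password hash instead.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concatenated(db, username, password):
    """Weak form: form values are pasted into the SELECT text, so a quote
    character in the input changes the structure of the query."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

# Allowlist of character types and a length cap for the form fields.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
MAX_PASSWORD_LEN = 128

def login_hardened(db, username, password):
    """Validate the fields, then bind them as parameters so the database
    treats them as data and never as SQL."""
    if not USERNAME_RE.fullmatch(username) or not 0 < len(password) <= MAX_PASSWORD_LEN:
        return False
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed form input containing quote characters
    print("concatenated, wrong password:", login_concatenated(db, "alice", "nope"))
    print("concatenated, crafted input: ", login_concatenated(db, "alice", crafted))
    print("hardened, crafted input:     ", login_hardened(db, "alice", crafted))
    print("hardened, valid login:       ", login_hardened(db, "alice", "correct-horse"))
```

The password field keeps its full character range here because the bound parameter, not the character filter, is what stops the input from being read as SQL.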
If you want to go a step further, you should check out automated tools, such as Acunetix Web Vulnerability Scanner. Acunetix Web Vulnerability Scanner enables you to scan your web applications for SQL injection and XSS, among other security exploits. The tool not only detects SQL injection weaknesses, but also enables you to repair them before the hacker knows about them.
More By Joe Eitel