Many organizations and individuals struggle to differentiate network-wide attacks from data-centric attacks, and to prove that firewalls and traditional perimeter security do not prevent many such attacks. Demonstrating data-centric attacks is a great way to help them understand these types of threats and how to defend against them.
Just as a refresher, relational databases such as Oracle, MS SQL, Sybase, and MySQL store data in the form of related tables of records. Such records can be accessed, queried, or modified by specially formatted statements. The standard format for these statements is Structured Query Language, or SQL. With the need to access these records from a web front end, SQL injection attacks became popular. So, SQL injection is nothing but a set of SQL commands, delivered to the database through that web front end.
The folks at Imperva have put together great educational videos on this and other web application security areas; go check them out.