sql

AppliCure dotDefender and dotDefender Monitor

Applicure’s freeware tool dotDefender Monitor was highlighted in the latest SANS Top 20 Internet Security Risks as a tool to detect the latest emerging threat of vulnerabilities in web applications. Together with Applicure dotDefender it monitors and protects against internal…

Authentication and Encryption Techniques

This is Part II of the Postgres series. While Part I demonstrated numerous attack vectors after a cracker has acquired a valid user name and password, the objective of this article is to present ideas that can be used…

The Justification for Authentication and Encryption

You will need to understand how to configure and compile Postgres from source code, as many of the solutions require that your Postgres server have the necessary libraries and capabilities installed, which the typical Linux distro may be lacking. Author: Robert…

Secure Dual-Master Database Replication with MySQL

As databases are more commonly used as backend systems for web applications, the overall importance of MySQL increases. This freely available database is used for private web sites as well as small business applications. Such applications will often cross…

SQL Injection Attacks with PHP and MySQL

There are a couple of common attack techniques used against the PHP/MySQL environment. SQL Injection is one of the most frequently used. This technique is about trying to push the application being attacked into a state where it accepts our…

Fuzzing XML

Fuzzing has more than proven its value to the web application security community; it provides invaluable results when used in pen testing efforts. This now seemingly classic art of Fuzzing data and protocols has a modern-day realm to wreak havoc,…

Remote Assessment Aanval 3

One of the challenges in modern security is what to do with the data from your IDS probes and system logs. Aanval (pronounced anvil) is an event consolidation and correlation tool for syslog and the popular Snort IDS. It provides…

Oracle Database Server Security

This article is focused on Oracle Database Server Security. It is divided into three main parts. The first is about Oracle history, database products and architecture. The second part is about basic methods of Oracle hacking. The last part is…

Fuzzing technique

Almost every piece of software contains bugs. Ways of discovering them have long been at the center of developers' and hackers' interests. This article will give you an introduction to the theoretical basics and practical usage of an…

Metasploit – exploiting framework

Do you want to know if your systems are really vulnerable? Do you want to use an easy mechanism to find out? Do you want to write your own exploits using a high-quality framework? Do you want to save your money…

Introduction to XPath Injection techniques

An XPath Injection attack involves manipulating XPath queries in certain ways in order to extract information from an XML database. It is a relatively new technique, which, as one will be able to see further into the article, is…