By Schuyler Dorsey, eLearnSecurity and ID Theft Protect
As usual, specialists from eLearnSecurity and ID Theft Protect share the latest news from the IT security world. Read on to bring yourself up to date.
Practical Client Side Attacks
By Julio Gómez Ortega
In a penetration test, it is common not to pay attention to web vulnerabilities like XSS or XSRF. This is because people usually think of an alert message when speaking about XSS. The reality is that client-side web vulnerabilities can be a powerful way to access forbidden resources and information. You will learn how to take advantage of an XSS in a penetration test, different client-side attack vectors, and solutions to these vulnerabilities.
OpenSSH Good Practices
By Leonardo Neves Bernardo
This article will discuss how to install OpenSSH and increase the level of security using asymmetric key authentication. We will see how to centralize user authentication by using an LDAP server for retrieving public keys instead of ~/.ssh/authorized_keys. Finally, there are some security tips that are very important to obtain a good level of security using OpenSSH.
Cyberwar: Defending a Country
By D. DAVID MONTERO ABUJA
From the mid-twentieth century to our time, information technology has evolved rapidly. From ENIAC-1, with its huge size by today's standards, to the desktop with next-generation quad-core processors, only fifty years have passed.
Social Network Security Part 1 & 2
By Roland Koch and Steffen Wendzel
Social networking platforms such as Facebook or XING aim to collect huge amounts of personal information about their users. In this first of two articles, we will highlight the risks linked to such social networking sites, while the next article will focus on the protection methods that enterprises and private users can apply.
The Most Dangerous Attack Of Them All
Want to learn what SQL Injection is, the different types of SQL Injection, and how to protect against it? All the attacks above use a very simple technique known as SQL Injection. SQL injection is an attack in which a website's security is compromised by inserting a SQL query into the website, which then performs operations on the underlying database. These operations are unintended by the website's designer and are usually malicious in nature. Attackers take advantage of the fact that designers usually build SQL commands with parameters that are user supplied. Instead of providing the normal user parameter, the attacker inputs his own SQL query, which runs against the backend database. Let us go through an example. Consider a website which has a login page. The user enters his username and password on the login page. The underlying database query might look like this.
Why Can’t Online Banking Be Like Facebook?
In my last column, we talked about some of the problems of pricing information security. This month, we look at a practical application of some of the challenges – specifically around online banking.
Secure your DNS
By Mervyn Heng
Do you trust your ISP's DNS setup? I don't! Like any other protocol, DNS is susceptible to attack by malicious entities targeting innocent victims. The solution is to engage OpenDNS as your trusted DNS service, which is used by home and enterprise networks globally.
Interview with Gord Boyce