
Tagged With / 'sql'

March 1, 2008


AppliCure dotDefender and dotDefender Monitor

Applicure’s freeware tool dotDefender Monitor was highlighted in the latest SANS Top 20 Internet Security Risks as a tool to detect the latest emerging threat of vulnerabilities in web applications. Together with Applicure dotDefender it monitors and protects against internal and external attacks on web servers and web applications. Author: Einat Adar Source: Hakin9 3/2008 https://hakin9.org Quick start […]


March 1, 2008


Authentication and Encryption Techniques

This is Part II of the Postgres series. While Part I demonstrated numerous attack vectors available after a cracker has acquired a valid user name and password, the objective of this article is to present ideas that can be used to mitigate those threats using various authentication and encryption technologies that are available on Linux […]


February 1, 2008


The Justification for Authentication and Encryption

You will need to understand how to configure and compile Postgres from source code, as many of the solutions require that your Postgres server has the necessary libraries and capabilities installed that the typical Linux distro may be lacking. Author: Robert Bernier Source: Hakin9 2/2008 https://hakin9.org What you will learn… Confronting the DBA with an unauthorized person […]


January 1, 2008


Secure Dual-Master Database Replication with MySQL

Due to the increasingly common use of databases as backend systems for web applications, the overall importance of MySQL is increasing. This freely available database is used for private web sites as well as small business applications. Such applications will often cross company boundaries. Author: Thomas Hackner Source: Hakin9 1/2008 https://hakin9.org What you will learn… How to configure SSL encrypted […]


December 1, 2007


SQL Injection Attacks with PHP and MySQL

There are a couple of common attack techniques used against the PHP/MySQL environment. SQL Injection is one of the most frequently used. This technique is about trying to push the application being attacked into a state where it accepts our input to manipulate SQL queries. Therefore, SQL Injection can be classified as a member of […]


May 1, 2007


Fuzzing XML

Fuzzing has more than proven its value to the web application security community; it provides invaluable results when used in pen testing efforts. This now seemingly classic art of fuzzing data and protocols has a modern-day realm in which to wreak havoc, and to which it can provide benefit: XML. Author: Andres Andreu Source: https://hakin9.org Hakin9 5/2007 What you will learn… How […]


May 1, 2007


Remote Assessment Aanval 3

One of the challenges in modern security is what to do with the data from your IDS probes and system logs. Aanval (pronounced anvil) is an event consolidation and correlation tool for syslog and the popular Snort IDS. It provides powerful consolidation, visualisation and reporting for security events from multiple sources. Author: Jim Halfpenny Source: https://hakin9.org Hakin9 5/2007 […]


April 1, 2007


Defending the Oracle Database with Advanced Security Features

There are some actual issues with Oracle Security. There is a new book, The Oracle Hacker’s Handbook, written by David Litchfield. It covers possible methods to attack the Oracle server. Some of the examples shown in that book are based on traffic sniffing, direct access to Oracle’s Shared Global Memory, or just accessing the raw data files. […]


March 1, 2007


Oracle Database Server Security

This article is focused on Oracle Database Server Security. It is divided into three main parts. The first is about Oracle history, database products and architecture. The second part is about basic methods of Oracle Hacking. The last part is about Oracle Defense methods. Author: Mikoláš Panský Source: https://hakin9.org Hakin9 3/2007 What you will learn… General information about […]


February 1, 2007


Fuzzing technique

Almost every piece of software contains bugs. Ways of discovering them have long been at the center of developers' and hackers' interests. This article will give you an introduction to the theoretical basics and practical usage of an interesting approach called fuzzing. Author: Jared DeMott Source: https://hakin9.org Hakin9 2/2007 What you will learn… what fuzzing is, […]


February 1, 2007


Metasploit – exploiting framework

Do you want to know if your systems are really vulnerable? Do you want to use an easy mechanism to find out? Do you want to write your own exploits using a high-quality framework? Do you want to save your money for better stuff than commercial vulnerability tools? If so, keep reading. Author: Michal Merta Source: https://hakin9.org Hakin9 1/2007 […]


January 1, 2007


Introduction to XPath Injection techniques

An XPath Injection attack involves manipulating XPath queries in certain ways in order to extract information from an XML database. It is a relatively new technique which, as one will be able to see further into the article, is similar to some degree to SQL injection attacks. Author: Jaime Blasco Source: https://hakin9.org Hakin9 1/2007 What you will […]


Hakin9 Media Sp. z o.o. Sp. komandytowa ul. Postępu 17D, 02-676 Warszawa