There was once a time when SQL injection attacks were used to steal information but in recent times we are seeing SQL injection attacks being used to store information. Whilst inserting data into a database doesn’t seem to be that threatening, when we consider the possibilities of just what can be inserted and the impact it can have on other users of the database it is a very sinister form of attack. Seccom Global recently analysed a real SQL injection attack that took place and the impact it had.

 A lot of information is stored in databases these days and in many cases we are actually using a database of some form without even knowing it. A huge number of web sites are merely front ends to national or international databases. If you have accessed Facebook, Paypal, SMH, eBay or Amazon then you are using a web driven interface to a SQL database. If you have any sort of e-commerce web site then you need to be conscious of the fact that you need to secure your web server, web applications, database server and databases.

Click the image below to DOWNLOAD