Database security: SQL Injections

Contributed by Josh Russell
In this paper I will be discussing the topic of securing databases. The importance of securing servers with databases is that there is a lot of personal or sensitive data stored on them. In today’s world, almost everything is stored online. People pay bills and shop on different sites. Sites like Amazon store your credit card number and home address. All this information is stored in a database. Securing these devices is very important to many organizations and companies. I will be talking about the top ways to secure a database server. We will be discussing monitoring threats that face web applications with databases. Some of the top threats are malware, SQL injection attacks, and user error. This paper will cover the basic ways to secure and defend against these attacks.
This document is in PDF format. To view it click here.


An Exploration of Injection Attacks

Contributed by Chris Choyce
This paper will define and analyze injection attacks and dive into why the attack surface is one of the largest available for adversaries. There are several types of injection attacks and they all involve the manipulation of code at a publicly available “doorway” to the data store that is threatened. The two most common types of these attacks are cross-site scripting (XSS) and structured query language injection (SQLi). We will talk about both along with Hypertext Transfer Protocol (HTTP) host header attacks, Lightweight Directory Access Protocol (LDAP) injections, and code and OS injections. This paper will discuss what each attack does and some potential impacts that can be gained from such an attack as well as what the best practices are to secure against injection attacks.
This document is in PDF format. To view it click here.


Drive-By Download Attacks

Contributed by Coley J. Stevens
Over the past few years, we have seen the rise of drive-by downloads. Drive-by download attacks are malicious automated programs that are employed on systems without the user’s permission or knowledge. Today, this method is one of the most common ways malware is spread. In this report we will learn about how drive-by downloads operate and the different methods used to implement drive-by downloads. Readers will also get to see how detrimental these attacks can be with some real-life examples. To end the report, we will look into a few ways to prevent drive-by downloads from doing serious damage and to better prepare readers to not fall victim to the process of the attacks.
This document is in PDF format. To view it click here.


SQL Injection Attacks: What They Are and How to Secure Against Them

Contributed by Jonathan B. Mcleod
There are many threats these days that IT security professionals have to protect against when maintaining applications that are accessible over the Internet. One of the most common attacks against web applications is the SQL injection attack.
This document is in PDF format. To view it click here.


X86 processor architecture vulnerabilities and Intrusion Detection and Prevention

Contributed by Timothy E. Robinson

