An eBay Site is Vulnerable to SQL Injection
The eBay site in Southeast Asia is vulnerable to SQL Injection.
Sites such as eBay have certainly done a lot of internal security review and testing, but they are still vulnerable to classic SQL Injection. How good is your application?
SQL Injection Through HTTP Headers
SQL Injection has been a popular attack for quite some time. Traditionally, only user input fields were targeted by SQL Injection, but as developers started using HTTP request headers as input fields, attackers started targeting request headers as well. This article has a good list of request parameters which can be attacked by SQL Injection.
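The header case described above, as an added example that is not part of the original post: a visit logger that stores the User-Agent header, written once with string concatenation and once with a bound parameter. The table, function names and header values are constructed for illustration, and an in-memory SQLite database stands in for the application's real one.

```python
import sqlite3

# Constructed request headers. The first is an ordinary value that merely
# contains an apostrophe; the second closes the string literal early.
BENIGN = {"User-Agent": "Mozilla/5.0 (O'Neil build)"}
CRAFTED = {"User-Agent": "x', 'admin') --"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (user_agent TEXT, role TEXT)")
    return db

def log_visit_concat(db, headers):
    # Vulnerable pattern: header text becomes part of the SQL statement.
    ua = headers.get("User-Agent", "")
    db.execute(
        "INSERT INTO visits (user_agent, role) VALUES ('" + ua + "', 'guest')"
    )

def log_visit_param(db, headers):
    # Hardened pattern: the header is passed as a bound parameter, so the
    # database treats it as data regardless of the characters it contains.
    ua = headers.get("User-Agent", "")
    db.execute(
        "INSERT INTO visits (user_agent, role) VALUES (?, 'guest')", (ua,)
    )

def stored_rows(log_fn, headers):
    # Run one logger against a fresh database and report what ended up stored.
    db = make_db()
    try:
        log_fn(db, headers)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__
    return db.execute("SELECT user_agent, role FROM visits").fetchall()

if __name__ == "__main__":
    for name, fn in (("concat", log_visit_concat), ("param", log_visit_param)):
        for label, hdrs in (("benign", BENIGN), ("crafted", CRAFTED)):
            print(name, label, stored_rows(fn, hdrs))
```

With concatenation, the ordinary apostrophe already breaks the statement and the second value changes the stored role column; with the bound parameter, both header values are stored verbatim with the role the application intended.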
Study: 72% of Developers See 2012 as the Year of Hybrid Apps
As the study suggests, developers are seeing more hybrid application development. As the development platform of the application changes, new attack scenarios and vectors are emerging. To test your application against the latest attack vectors, you can use NTOSpider in a completely automated fashion.
WOA watch out! Don’t forget about Web Services (Going beyond XSS & SQL Injection (SQLi))
If you walked the RSA floor this year in San Francisco as I did, you might agree with Neil MacDonald. Every other booth at RSA said something about security in the cloud. I joked on Twitter that the cloud sounded so secure that I just might move my family there. Neil has posted a new blog on cloud computing that asserts “Why Cloud Computing Could Be More Secure Than What You Have Today”. He explains that if a cloud service provider does its job well, their application could be as secure as an on-premise application. In his blog, he shows a chart from a recent study, comparing the number of security incidents between on-premise and cloud applications. This chart not only highlights the parity between on-premise and cloud attacks, but it also shows web application security attacks as the 2nd most common type of attack in their study after brute force attacks. 71% of Alert Logic’s customers have had web application security breaches in the cloud and 65% have had web application security breaches with on-premise applications. Neil promises to continue to look for independent studies that show similar trends. We will look forward to continued insights from Neil as always. Complete URL: http://blogs.gartner.com/neil_macdonald/2012/03/31/cloud-computing-can-be-more-secure/