CSOonline

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for ...
Linux Journal

Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites

Drupal is a very widely used open-source content management system. It initially was released in 2001, and recent statistics show Drupal as the third-most popular content management system, with just ...
Dark Reading

SQL Injection Attacks Represent Two-Third of All Web App Attacks

Cyberattackers have several vectors for breaking into Web applications, but SQL injection continues to be by far their most popular choice, a new analysis of attack data shows. For its "State of the ...
Computerworld

Microsoft’s U.K. Web site hit by SQL injection attack

A hacker successfully defaced a page on Microsoft Corp.’s U.K. Web site on Wednesday, resulting in the display of several images, including a photograph of a child waving the flag of Saudi Arabia.
Infosecurity-magazine.com

SQL Injection and Cross-site Scripting Attacks Surge in Q3

Worryingly, integrated attacks on these applications are becoming more prevalent and automated as well, meaning that businesses should brace for a surge of new activity. Over the third quarter of 2013 ...
CRN

Review: Ajax's Hidden Security Threat and How To Fix It

The danger to IT organizations is that Ajax technology is being perceived as a direct pipeline into corporate data. That's pushing developers to inadvertently expose more data and server logic than ...