An SQL injection needs just two conditions to exist – a relational database that uses SQL, and user-controllable input which is used directly in an SQL query. In the example below, it shall be assumed that the attacker’s goal is to exfiltrate data from…
New Joomla! SQL Injection vulnerability gives attackers full control of your website
A high-severity SQL injection vulnerability has been identified in versions 3.2 through to 3.4.4 of Joomla!. The popular Content Management System (CMS), second only to WordPress with a staggering 6.6% CMS market share (as of October 23, 2015, based on W3Techs’ trend reports), runs on an estimated…
Get tested during Cyber Security Awareness Month
It is October again, and that means that it is a better time than ever to set aside some time to gather the relevant troops inside your organization to evaluate your information security posture – because October is National Cyber Security Awareness Month! Since its…
In the headlines: Flash and Chrome patches, Dridex botnet, WP Akismet and more
Flash Zero Day receives emergency patch: Poor old Flash is in the headlines again, and this time for a zero-day flaw which is being actively exploited. Reported by a researcher and the Google Zero Day project, no details of the vulnerability have been disclosed but…
Secureworld St. Louis Cybersecurity Conference highlights
Alliance Technology Partners and Acunetix recently exhibited at America’s Center Convention Complex for St. Louis SecureWorld 2015. Over the past decade SecureWorld has emerged as one of North America’s most vital cybersecurity conferences, providing globally relevant education, training and networking for cybersecurity professionals on a regional…
Visit Acunetix at Gitex Technology Week 2015
Comguard, the Acunetix distributor based in Dubai, will be participating in GITEX 2015 between the 18th and 22nd October 2015. Now in its 35th year, Gitex is heralded as one of the largest and most important ICT events around the globe. Alive with the energy of the…
Gartner recognizes Acunetix as a Challenger for Application Security Testing in 2015
Acunetix Receives 2nd highest product score for Manual Web Penetration Testing in Gartner’s 2015 Critical Capabilities for Application Security Testing Report. Gartner, Inc., the leading provider of research and analysis on the global information technology industry, has recognised Acunetix as a challenger, assigning Acunetix Web…
SQLi part 2: What’s the worst an attacker can do with SQL?
SQL is a programming language designed for managing data stored in an RDBMS; therefore, SQL can be used to access, modify and delete data. Furthermore, in specific cases, an RDBMS could also run commands on the operating system from an SQL statement. Keeping the above…
The 2015 Cost of Data Breach analysis by Ponemon Institute
A joint report analysing the cost of data breaches has been released by IBM and Ponemon Institute. Having surveyed 350 companies globally, they’ve found that the average cost of a data breach is increasing, having gone from $3.52m in 2014 to $3.79m in 2015. The…