Viruses Malware Hacking…

[Avatarbeinguk]

ANNU…You are indeed a light warrior having to fight the hackers, hopefully my dear friend this may shed some light on your problem…

http://www.acunetix.com/vulnerability-scanner/sql-injection-scanner.htm

Is your website vulnerable to SQL Injection attacks? Download Acunetix Web Vulnerability Scanner and find out today!

Hackers are on the lookout for SQL Injection vulnerabilities in YOUR web applications: Shopping carts, forms, login pages, dynamic content are easy targets. Beat them to it and scan your web applications with Acunetix Web Vulnerability Scanner:

* Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other vulnerabilities.
* Firewalls, SSL and locked-down servers are futile against web application hacking.
* Acunetix checks your web applications for coding errors that result in SQL Injection vulnerabilities.
* Acunetix also checks for other vulnerabilities in popular web applications such as Joomla, PHPbb.
* Acunetix identifies files with SQL Injection vulnerabilities allowing you to fix them BEFORE the hacker finds them!

How to check for SQL injection vulnerabilities

Securing your website and web applications from SQL Injection involves a three-part process:

1. Analysing the present state of security present by performing a thorough audit of your website and web applications for SQL Injection and other hacking vulnerabilities.
2. Making sure that you use coding best practice santising your web applications and all other components of your IT infrastructure.
3. Regularly performing a web security audit after each change and addition to your web components.

Furthermore, the principles you need to keep in mind when checking for SQL Injection and all other hacking techniques are the following: “Which parts of a website we thought are secure are open to hack attacks?” and “what data can we throw at an application to cause it to perform something it shouldn’t do?”.

Checking for SQL Injection vulnerabilities involves auditing your website and web applications. Manual vulnerability auditing is complex and very time-consuming. It also demands a high-level of expertise and the ability to keep track of considerable volumes of code and of all the latest tricks of the hacker’s ‘trade’.

The best way to check whether your web site and applications are vulnerable to SQL injection attacks is by using an automated and heuristic web vulnerability scanner.

An automated web vulnerability scanner crawls your entire website and should automatically check for vulnerabilities to SQL Injection attacks. It will indicate which URLs/scripts are vulnerable to SQL injection so that you can immediately fix the code. Besides SQL injection vulnerabilities a web application scanner will also check for Cross site scripting and other web vulnerabilities.

Signature-Matching versus Heuristic Scanning for SQL Injection
Whereas many organisations understand the need for automating and regularising web auditing, few appreciate the necessity of scanning both off-the-shelf AND bespoke web applications. The general misconception is these custom web applications are not vulnerable to hacking attacks. This arises more out of the “it can never happen to me” phenomenon and the confidence website owners place in their developers.

A search on Google News returned 240 matches on the keyword “SQL Injection” (at time of writing) since the 14th October. Secunia and SecuObs report dozens of vulnerabilities of known web applications on a daily basis. Yet, examples of hacked custom applications are rarely cited in the media. This is because it is only the known organisations (e.g. Choicepoint, AT&T, PayPal) that hit the headlines over the past few months.

It is critical to understand that custom web applications are probably the most vulnerable and definitely attract the greatest number of hackers simply because they know that such applications do not pass through the rigorous testing and quality assurance processes of off-the-shelf ones.

This means that scanning a custom web application with only a signature-based scanner will not pinpoint vulnerabilities to SQL Injection and any other hacking techniques.

Establishing and testing against a database of signatures of vulnerabilities for known applications is not enough. This is passive auditing because it will only cover off-the-shelf applications and any vulnerabilities to new hacking techniques will not be discovered. In addition, signature matching would do little when a hacker launches an SQL Injection attack on your custom web applications. Hack attacks are not based on signature file testing – hackers understand that known applications, systems and servers are being updated and secured constantly and consistently by respective vendors. It is custom applications that are the proverbial honey pot.

It is only a handful of products that deploy rigorous and heuristic technologies to identify the real threats. True automated web vulnerability scanning almost entirely depends on (a) how well your site is crawled to establish its structure and various components and links, and (b) on the ability of the scanner to leverage intelligently the various hacking methods and techniques against your web applications.

It would be useless to detect the known vulnerabilities of known applications alone. A significant degree of heuristics is involved in detecting vulnerabilities since hackers are extremely creative and launch their attacks against bespoke web applications to create maximum impact.

How can Acunetix help you in auditing your site for SQL Injection?
Acunetix was founded to combat the alarming rise in web attacks including SQL Injection and Cross-Site Scripting among others. Take a product tour to find out how Acunetix Web Vulnerability Scanner can help you or download the scanner today!

[ShyloLove]

Thanks Avatarbeing.

I’ve already used this scanner, and it told me my site was safe from cross site scripting (which is all it scans for!) 😀 I scanned all my sites using the free version, which doesn’t have even a shred of what the paid version has, however…the paid version is HIGHLY prohibitive cost wise so I just can’t purchase it yet. ($1445 US) Perhaps sometime in the future!

So for now, I am scanning my databases after downloading them. Minifang has been helping me too. Once I find the code, it shouldn’t be an issue as the site is otherwise protected with updated software and such. I’m sure it’ll figure itself out. The Universal Consciousness simply will not allow it’s website to be hacked into submission!

Much love,
Annu

[opalescent]

add Mercury retro to that… 😕

[Author]

Posts