• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Unified Vulnerability Management
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Advisories
• Vulnerabilities Tested
• Compliance
• White Papers & Articles
  • SQL Injection
  • Cross-Site Scripting
  • Directory Traversal
  • Public Hub Traffic
  • Modem Intruders
  • Infected Laptops
  • VPN Insecurity
  • Firewall Fallacies
• SSHredder Test Suite

Of further interest:

• NeXpose White Paper

Related services:

• Web Application Security Audit
• Web Application Security Training

SQL Injection

Seemingly innocent web applications that are abundant on the Internet and offer powerful, dynamic experiences for end user are the latest platform for hackers to use to gain access to corporate environments. SQL injection has gained a lot of media attention because it is used for identity theft.

SQL injection is a server-side attack technique used to exploit web sites by inserting a series of unauthorized SQL statements into a Web application that requests user input and then builds dynamic SQL queries. Susceptible applications are those that take direct user input to generate dynamic SQL statements that are run against the database without properly sanitizing the input. When an attacker successfully alters the construct of the SQL statements, they are then able to run processes with the same permissions as the database server, web server or web application server. The objective of this attack is to fool the database system into running malicious code that could result in considerable damage of your web server to complete system and data compromise.

Implications of SQL Injection?

The implications of a SQL injection vulnerability will vary widely depending on the database being accessed and the configuration of that database. It is possible through a SQL injection attack that the hacker could access all records in the database, delete the tables, create new tables or other actions that would provide easy access to information.

How NeXpose Helps

Manually testing web applications for cross site scripting vulnerabilities takes more effort than one might expect since every parameter of every script needs to be tested. NeXpose has enhanced its scanning technology with JavaScript and AJAX aware vulnerability scanning for client-side issues such as SQL injection, simplifying the process of finding and fixing web application vulnerabilities.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact