As if they needed more stress, organizations are facing evolving and increasingly stringent compliance regulations from the Payment Card Industry, as well as Sarbanes-Oxley, HIPAA and others. Here are a few security compliance products that can make the audit process less excruciating.
Here are 10 of the distributor's hottest new offerings winning over solution providers.
New smartphones from Sony, Motorola and the first-ever Twitter-only mobile device -- the TwitterPeek -- headline a busy week for handset makers as the holiday shopping season heats up.
4 Tips for Stopping SQL Injection Attacks
1:52 PM EDT Tue. Sep. 04, 2007
Page 1 of 2
While many of the security solutions on the market attempt to plug the holes found on today's systems, it still comes down to deploying the proper solutions and understanding how those solutions work to be fully effective.
Some will say that there is little wrong with taking a reputable vendor's security promises at face value, but the question remains, what exactly is that vendor protecting a network from? Take for example the all too common SQL injection attack: What is it? How do you stop it? Are your customers vulnerable? Does your security product prevent it? These are all questions that should echo through the minds of network security solution providers. While we may not have the answers, we can surely understand what the attack is and how it compromises a system.
SQL injection attacks have been the bread and butter of system crackers since the first SQL database became Web-enabled. Why is that? Simply put, if you can break through the authorization challenge presented at log-on, you can access the data stored in the SQL database. In other words, all of a customer's data can be exposed to the wrong individuals. That may not be so important when talking about a database that stores model numbers and color codes, but when the data changes to credit card or social security numbers, the game changes.
While there are several different SQL server products on the market from players such as Microsoft, Oracle, MySQL and Postgres, an attack still starts at the same entry point: a browser-based form. That is where a hacker starts to explore the vulnerabilities. For example, any Web page that executes code (ASP, JSP, CGI or PHP) can be hijacked to pass a string of SQL statements to the database server. Another place to start is to look for any Web pages that allow you to submit data, such as a login page, search page, feedback, and so-on. In some cases, those HTML based pages use a POST command to send parameters to an ASP or script processing page. A dead giveaway is to look at the source code of the HTML page and locate the "FORM" tag and the "Post" command.
NEXT: How to spot trouble and what to do about it
