Posts Tagged ‘SQL Injections’

Web 2.0 Enabled Sites Wear a Target for Cybercrime

by FireHost Evangelist on July 24th, 2009

Data compiled by Secure Enterprise 2.0 indicates that businesses that incorporate Web 2.0 functionality like social networks, wikis, and blogs are the most popular targets for hackers.

In fact, websites that incorporate these features accounted for 21% of hacking incidents reported in the first quarter of 2009. The top threats to “socially enabled” websites are SQL Injections (21% of attacks), Authentication Abuse (18%), and Cross Site Request Forgery – CSRF (8%).

“Businesses often use open source applications like Community Server, WordPress, and Drupal to integrate social features into their websites. Every enterprise deserves the ability to keep content fresh by using blogs and forums. It’s great for marketing and user retention. We help facilitate these mediums by addressing vulnerabilities in open source software all the way from module installation to hosting,” encourages FireHost CEO, Chris Drake.

FireHost CTO Kevin Wall explains why a holistic approach to site development and hosting is important.

USA Today: “SQL Injection Attacks Hit 450,000 a Day”

by FireHost Evangelist on March 20th, 2009

Modern cybercriminals are out to do harm. Simple as that. They penetrate vulnerable websites, steal private customer information, and commit identity theft every day. Hacker tools and methods of attack have become more sophisticated and wider in scope in recent months.

USA Today reports:

SQL attacks take aim at the database layer of websites. They typically were manual attacks designed to pilfer customer data from merchant websites. But last June someone figured out how to automate the attacks, and use them to plant infections. By mid-June, daily attacks spiked to 25,000; by October they topped 450,000 a day.

Holly Stewart, IBM ISS threat response manager, says the infections take advantage of security flaws in cool website features, such as online-delivered video, music, photos, documents and work files.

Giant financial institutions and online merchants have put up strong defenses, says Phil Neray, vice president of security strategy at Guardium, a database security firm. “The same is not necessarily true of regional banks and credit unions, smaller online retailers and state government agencies.”

FireHost is in business to address website security needs of the “smaller guys” Mr. Neray mentions above. It’s imperative your company respond to the threat of cybercriminals swiftly and effectively because SQL attacks strike governments and credit card companies every day. FireHost can help your company avoid the negative spotlight.

SQL attacks are preventable when your website, email, databases, and other applications are hosted with a security-focused web hosting provider. We’ve taken industry-leading measures to make enterprise-level security attainable for every business because we know that the last thing you need to do with your time is mitigate a high-profile website attack on customer information.

Most hosting providers don’t invest the resources required to maintain a prevention-focused, secure hosting environment. If your company does business online, however, you owe it to your customers and employees to make sure their most important information is protected.

Here’s just a sample of what puts FireHost secure web hosting in a class of its own:

Network Layer Security
FireHost runs dual Sonicwall internet security devices, providing firewall redundancy for every client. This layer safeguards websites, emails, and databases from unauthorized intrusions, like SQL attacks.

Application Protection
We also run a web application firewall to close the holes within your website’s applications, the entry-point for SQL attacks.

Vulnerability Monitoring
FireHost partners with McAfee to provide you with web-based website vulnerability auditing and remediation management, completing scans every fifteen minutes.

Register here to have a FireHost Security Agent perform a vulnerability report for your website. We will contact you shortly with the eye-opening results.

Why You Need SQL Injection Protection

by FireHost Evangelist on November 3rd, 2008

SQL Injections have website owners and developers running scared. If you haven’t heard of a SQL Injection, then you better listen up and hit Google university.

SQL Injections are the number one vulnerability exploited by hackers, by far. According to security vendor Sophos, 16,000 new websites are hit by the attacks every day. WordPress, Joomla, Drupal, .NET, classic ASP, PHPBB websites have all been hit with SQL Injections. Do NOT roll the dice on this one! Every web site big or small is vulnerable to injection by automated scripts attempting SQL-Injections through your webforms, dynamic URLs, etc.

This video from Graham Cluley of Sophos discusses the impact of a SQL Injection that hit BusinessWeek.

What can you do NOW to help secure your website?

  1. Ensure all logins use strong passwords
  2. Employ web form validation and/or CAPTCHA
  3. If you’re using a CMS or website platform, ensure it’s up-to-date (including all plug-ins)
  4. Ensure all components are current (ASPupload, etc)
  5. Use static URLs instead of dynamic URLs

FireHost takes SQL Injection protection to the next level by:

  1. Analyzing your website and web applications to assess the potential for SQL Injections and other hacking vulnerabilities
  2. Protecting your website using our secure and transparent Web Application Firewall
  3. Monitoring your website for new vulnerabilities