Temple University

Week 11 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

Regarding SQL injection attacks, hackers input unexpected characters, text strings, or commands into an online system (the front end) in order to exploit possible vulnerabilities in the SQL database system (the back end): mapping the database structure, bypassing authentication, writing new information (such as creating user accounts), copying or extracting database data, and so on. To find SQL injection vulnerabilities, one can simply input unexpected characters (' ; " -- AND OR) and then check the online system's output for system errors, output changes, and the like. Exploitation can also be automated with the software tool sqlmap; however, manual methods make for a more knowledgeable SQL injection hacker.
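As an added illustration of the manual test described above (example code written for this summary, not taken from the assigned reading), here is a login check built by string concatenation beside the same check with bound parameters, plus a probe helper that classifies the observable response the way the reading suggests (error, output change, or nothing). The user table and credentials are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with a single sample user (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by concatenation, so user input becomes SQL syntax."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Same check with bound parameters: input is only ever treated as data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def probe(login, conn, username, password):
    """Submit one input pair and classify what the tester would observe:
    'error' (a database error leaked), 'granted' or 'denied'."""
    try:
        return "granted" if login(conn, username, password) else "denied"
    except sqlite3.Error:
        return "error"


if __name__ == "__main__":
    db = make_db()
    # A stray quote makes the concatenated query malformed: the error is the
    # signal a tester looks for. The parameterized version just denies access.
    for login in (login_vulnerable, login_parameterized):
        print(login.__name__, "stray quote:", probe(login, db, "alice'", "x"))
        print(login.__name__, "always-true:", probe(login, db, "alice", "' OR '1'='1"))
```

The concatenated version reports an error for the stray quote and grants access for the always-true input; the parameterized version denies both, which is the property a DBA's input-handling review should confirm before a system goes to production.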

  2. Question to classmates (facilitates discussion) from assigned reading…

Which SQL-based database technology (Microsoft SQL Server, open-source MySQL, Oracle SQL, etc.) has more SQL injection vulnerabilities?

*Answer: All outdated SQL-based database technologies have vulnerabilities, and it is always best for DBAs to configure and maintain SQL databases with the most up-to-date SQL database technology. DBAs should also always perform input validation checking and testing on SQL database data before enabling production online systems.

  3. Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

Attackers used SQL injection flaw to attack Joomla (reported on eHackingNews.com 11/2/2015)…

www.ehackingnews.com/2015/11/attackers-used-sql-injection-flaw-to.html

… SQL injection flaws were found in v3.2 – 3.44 of Joomla (a popular open-source content management system), through which remote hackers could gain full admin access and then execute additional attacks. Only four (4) hours after the Joomla critical patch release, hackers had already begun exploiting Joomla systems. Web admins of the more popular online sites must upgrade their Joomla systems quickly (within a few hours after the vulnerability info is released online) in order to help thwart these types of SQL injection attacks!
