[Owasp-Colombia] Aumentan los ataques por SQL Injection

German Alonso Suárez Guerrero german.suarez at owasp.org
Wed Oct 31 14:26:36 UTC 2012

Buenos días,

Quiero compartirles este link en el que comentan como se han incrementados
los ataques por SQL Injection y como Facebook y Twitter son objetivos fijos
para este tipo de ataques.

Link original :http://news.techeye.net/security/sql-attacks-on-the-rise


German Alonso Suárez Guerrero
OWASP Bogotá Chapter Leader

SQL attacks on the riseReport notes black market for social networking fraud
30 Oct 2012 10:58 | by Nick
Farrell<http://www.techeye.net/about-us/nick-farrell> in
Rome | Filed in Security <http://www.techeye.net/security>

   - 0 Comments<http://news.techeye.net/security/sql-attacks-on-the-rise#comments>

submit to reddit]<http://www.reddit.com/submit?url=http://www.techeye.net/security/sql-attacks-on-the-rise><http://news.techeye.net/security/sql-attacks-on-the-rise#>
[image: SQL attacks on the rise -]

*A new report into* hacker antics claims that SQL injection is becoming a
hot topic among the black hats.

The report, prepared by insecurity experts at Imperva, said that questions
on hacker forums focused on training and tutorials for data theft
techniques such as SQL injection are on the up.

However, the report, with the catchy title Intelligence Initiative report,
"Monitoring Hacker Forums," notes that less than five percent of IT budgets
include products to mitigate attacks in the data centre.

Amichai Shulman, Imperva's CTO, said that by examining what information
hackers share in these forums, it is possible to understand where they are
focusing their efforts.

The answer is that organisations ignore SQL injection security at their
peril as hackers are placing more focus on those attacks.

Currently Denial of Service and SQL injection are the most popular attack

One of these two attacks are used 19 percent per cent of the time.

However, Gartner's <http://news.techeye.net/company/gartner> Forecast:
Security Infrastructure Worldwide, 2010-2016, 2Q12 Update shows $25 billion
was spent on security software and network equipment in 2011. This is less
than five percent of security budgets allocated to products that mitigate
SQL injection attacks.

Hackers are also trying to push into social networking sites. Imperva found
that Facebook <http://news.techeye.net/company/facebook>, at 39 percent,
and Twitter <http://news.techeye.net/company/twitter>, at 37 percent, were
the most frequently discussed social networks.

In reviewing social network related posts, Imperva observed a black market
for buying and selling illegitimate social network likes, followers, and
endorsements, with particular attention given to the origin of these likes
and followers.

Most of the hacker forums were training newbies. More than 28 percent of
posts were related to beginner hacking and hacker training, while another
five percent related to hacking tutorials.

Both aspiring and veteran hackers frequent forums to exchange techniques,
build credibility and report their hacking successes, the report said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-colombia/attachments/20121031/6c3bc8a7/attachment.html>

More information about the Owasp-Colombia mailing list