SQL injection is an attack on a web server that targets the database the web application talks to. The aim of the attack is to trick the database server into running queries constructed by the attacker. These attacks can even effect database update or delete transactions.
Continue reading “Tech Terminology Demystified – SQL Injection”
A wrap up of some recent interesting information security news
Indian Websites defaced
As per the official information released by CERT-In (the Computer Emergency Response Team operating under the Department of Information Technology, Govt of India), 47 Indian websites were hacked in Feb 2009, while 46 Indian websites were hacked in March 2009.
This figure has jumped to an alarming 852 Indian websites in April 2009.
Refer to the report at
Continue reading “Did you know that 852 Indian Websites were defaced in April 2009?”
An HTTP proxy can help you analyse the data that is sent back and forth between your browser and the websites you visit. It sits between your browser and the website you are visiting and hands you all the information that the browser is sending to the website. You even have the option to change the data that is being sent.
Continue reading “Webscarab – A Beginner’s Guide”
On the basis of data coverage, backups are of 3 types, viz., full backup, differential backup and incremental backup. The following table gives a brief description of each backup type and also compares the backups in terms of backup speed, restoration speed and storage space required.
Continue reading “Backup Types and Backup Rotation Strategy”
In many organizations, end users are generally found to have administrative privileges over their desktops and laptops. But this could turn out to be one of the most potent IT security risks faced by the organization.
Continue reading “Cardinal Rule in IT Security – Remove admin rights for end users”
We all know what phishing attacks are and nobody falls prey to such attacks anymore. Right? Wrong.
Continue reading “Phishing attacks still a real threat”
Day in and day out we read and hear news about lost and stolen data, virus attacks crippling organizations, unauthorized software that may contain malware, and so on. While it is impossible to eliminate IT risks altogether, certain steps can help place less reliance on people and processes and more on technology. At the end of the day it is better to push security to end users than to expect compliance.
Continue reading “It doesn’t matter where the weakest link is as long as it exists.”