War Searching
Imperva, a software company that helps other companies such as e-retailers protect their Web-based programs against hackers, released a white paper this week detailing a new weakness in such programs. Security experts have long known that it’s possible to manually manipulate the numerical gobbledygook at the end of some URLs to cause certain database programs to cough up data users aren’t authorized to see, a technique called SQL injection. In the white paper, programmers at Imperva detail their discovery that it is possible to use automated search-engine-like software to compile a list of every URL within a site that may be vulnerable to SQL injection, then use related tools to launch actual attacks against those addresses.
The Imperva engineers estimate that a hacker using this technique, which they dub “War Searching,” would find 10,000 to 10,000,000 times as many points of vulnerability as a typical worm program wending its way across the Internet. The company’s main goal: to warn information technology managers that SQL injection attacks can be carried out automatically, not just manually.
Download the Imperva white paper here.