Skip to Content

MIT Technology Review

Sign in
Uncategorized

War Searching

Imperva, a software company that helps other companies such as e-retailers protect their Web-based programs against hackers, released a white paper this week detailing a new weakness in such programs. Security experts have long known that it’s possible to manually…
April 1, 2004

Imperva, a software company that helps other companies such as e-retailers protect their Web-based programs against hackers, released a white paper this week detailing a new weakness in such programs. Security experts have long known that it’s possible to manually manipulate the numerical gobbledygook at the end of some URLs to cause certain database programs to cough up data users aren’t authorized to see–a technique called SQL injection. In the white paper, programmers at Imperva detail their discovery that it is possible to use automated search-engine-like software to compile a list of every URL within a site that may be vulnerable to SQL injection, then use related tools to launch actual attacks against those addresses.



The Imperva engineers estimate that a hacker using this technique, which they dub “War Searching,“ would find 10,000 to 10,000,000 times as many points of vulnerability as a typical worm program wending its way across the Internet. The company’s main goal: to warn information technology managers that SQL injection attacks can be carried out automatically, not just manually.



Download the Imperva white paper here.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

The problem with plug-in hybrids? Their drivers.

Plug-in hybrids are often sold as a transition to EVs, but new data from Europe shows we’re still underestimating the emissions they produce.

How scientists traced a mysterious covid case back to six toilets

When wastewater surveillance turns into a hunt for a single infected individual, the ethics get tricky.

Google DeepMind’s new generative model makes Super Mario–like games from scratch

Genie learns how to control games by watching hours and hours of video. It could help train next-gen robots too.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.