Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not a subscriber? Subscribe now for unlimited access to online articles.

A View from Wade Roush

War Searching

Imperva, a software company that helps other companies such as e-retailers protect their Web-based programs against hackers, released a white paper this week detailing a new weakness in such programs. Security experts have long known that it’s possible to manually…

  • April 1, 2004

Imperva, a software company that helps other companies such as e-retailers protect their Web-based programs against hackers, released a white paper this week detailing a new weakness in such programs. Security experts have long known that it’s possible to manually manipulate the numerical gobbledygook at the end of some URLs to cause certain database programs to cough up data users aren’t authorized to see–a technique called SQL injection. In the white paper, programmers at Imperva detail their discovery that it is possible to use automated search-engine-like software to compile a list of every URL within a site that may be vulnerable to SQL injection, then use related tools to launch actual attacks against those addresses.



The Imperva engineers estimate that a hacker using this technique, which they dub “War Searching,“ would find 10,000 to 10,000,000 times as many points of vulnerability as a typical worm program wending its way across the Internet. The company’s main goal: to warn information technology managers that SQL injection attacks can be carried out automatically, not just manually.



Download the Imperva white paper here.

Want more award-winning journalism? Subscribe to Print + All Access Digital.
  • Print + All Access Digital {! insider.prices.print_digital !}*

    {! insider.display.menuOptionsLabel !}

    The best of MIT Technology Review in print and online, plus unlimited access to our online archive, an ad-free web experience, discounts to MIT Technology Review events, and The Download delivered to your email in-box each weekday.

    See details+

    12-month subscription

    Unlimited access to all our daily online news and feature stories

    6 bi-monthly issues of print + digital magazine

    10% discount to MIT Technology Review events

    Access to entire PDF magazine archive dating back to 1899

    Ad-free website experience

    The Download: newsletter delivery each weekday to your inbox

    The MIT Technology Review App

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.