123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

Websites Face Sql Injection Attack

Profile Picture
By Author: eccuni
Total Articles: 211
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Recently, millions of web pages across the world suffered a massive SQL injection attack. The attack was first identified by Internet security firm Websense. Attackers injected SQL commands into the associated databases of websites by exploiting weaknesses in web applications. The code was designed to redirect users to different fake websites. Security researchers at Websense have termed the attack as ‘LizaMoon’ attack as that was one of the first websites to which victims were redirected. The redirected website warns the victims that their computer systems have been infected with malware and viruses. The site provides a link to download a fake anti-virus program called ‘Windows Stability Center’ and identifies itself as a Microsoft product to appear genuine to the users.

Once unwary users click on the link, they may inadvertently download malware in their computers instead of anti-malware software. Users are enticed to subscribe to a six month, 1 year or lifetime subscription of the fake software by displaying special discount offers. Unwary users, who choose to subscribe to the full version, may also compromise ...
... sensitive information such as names, addresses, contact numbers, e-mail addresses, credit card numbers, credit card expiry dates, card verification number and card verification code. According to a preliminary research by Websense, while majority of the visitors to the malicious website lizamoon.com hailed from United States (U.S), the site registered visits from all regions of the world. Security researchers are still investigating the attack and some of the domains used by the attackers to sell the fake software have been shut down.

Attackers are always on the lookout to exploit vulnerabilities in websites and web applications to dupe unwary Internet users. Lack of proper input validation is one of the major causes for the current spate of SQL injection attacks. Web applications that do not have filters to sanitize input for eliminating malicious commands are more vulnerable to such attacks. Organizations must scrutinize websites and applications for weaknesses and threat vectors at regular intervals. Developers must evaluate the security flaws in web applications and mitigate them to avoid exploitation by attackers. Professionals qualified in computer science degree and secured programming may help in identifying and mitigating programming errors. All inputs must be validated. Limits must be enforced on type and size of data entered. Inputs containing comment characters, escape sequences and binary data must be rejected or restricted. Use of parameterized queries and multiple layers of validation may help in prevention of SQL injection attacks.

Web application firewalls and web application scanners could help web administrators in understanding the vulnerability of websites to SQL injection attacks. E-learning and online university degree courses could help IT employees to update themselves on latest threats and preventive measures.

Video tutorials, online degree programs, security blogs and advisories may create cyber security awareness among Internet users. Users must download genuine security software by directly visiting legitimate websites. They must be vary of pop-ups warning of malware threat and desist from clicking on any links provided on them. Adherence to security guidelines, advisories and updates may help users to safeguard their systems.

Total Views: 348Word Count: 513See All articles From Author

Add Comment

Computers Articles

1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise Servers
Author: Server Tech Central

2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp

3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing

4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp

5. How To Start Your Website Redesign Project?
Author: brainbell10

6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam

7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp

8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp

9. How To Setup And Create Instagram Ads?
Author: brainbell10

10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap

11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10

12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10

13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp

14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10

15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: