Mike Chapple is a teaching professor of IT, analytics and operations at the University of Notre Dame. On Dec. 26, 2007, Albert Gonzalez, a 28-year-old resident of Miami, launched an attack against the ...

Mike Chapple is associate teaching professor of IT, analytics and operations at the University of Notre Dame. On Dec. 26, 2007, Albert Gonzalez, a 28-year-old resident of Miami, launched an attack ...

While different security researchers may haggle over the exact ranking of SQL injection attacks compared to other common maladies, such as XSS and CSRF, few would deny that SQLi and its other ...

An important aspect of database security is designing your applications to avoid SQL injection attacks. SQL injection is a form of web hacking whereby SQL statements are specified in the fields of a ...

A new tool is making the rounds on the criminal underground. Called Katyusha Scanner, this is a hybrid between a classic SQL injection (SQLi) vulnerability scanner and Anarchi Scanner, an open-source ...

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...

Immortalized by “Little Bobby Drop Tables” in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Ten lists ...

‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in. An SQL-injection vulnerability ...

An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware. Threat actors have been caught ...