ang3lus
asked on
SQL injection for Apache HTTP server
As I read on security sites, there is a dramatic increase in security issues like vulnerabilities that allow attackers to use them in bad ways. One of the newest threats that I read about is a vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 for Apache server, which allows hackers to perform SQL injection.
Can anyone explain how this threat happened and how an attacker or hacker uses it to start an attack?
I much prefer comments to links. Most websites that I found on Google don't give enough information.
Thanks
ASKER
Hi
I am not asking about hacking. I just need help finding a good source to analyze this vulnerability, and a suggested solution to mitigate the risk.
Thanks
1. Make sure that you always have the latest patches installed.
2. Conduct periodic external penetration testing on your site/systems/DB.
3. Input validation and output sanitization are a must while developing interfaces.
4. Also, as I mentioned earlier, Web Application Firewalls can protect you to an extent.
E.g. Barracuda WAF - http://www.barracudanetworks.com/ns/products/web-site-firewall-overview.php
If you want to know more about these things, you may attend SANS's GPEN course or the CEH course, so that you can get more information about these tricks and do your own vulnerability analysis/pentests to protect your server.
By the way, you should think of deploying a Web Application Firewall, which can protect you to an extent from these kinds of threats.