With college campuses being hacked into on a seemingly daily basis, and student information being stolen and used for Identity Theft; I thought you might like to see how the hacks are being done, and how astoundingly easy they are. I have produced a video of a security audit I performed on a local college website that shows how easy these exploits are. There is also a brief training on the homepage that introduces non-experts to SQL injection concepts in a fashion that makes it easy to understand.
Below is the link to the video of me hacking into the college web site using SQL injection:
http://www.appiant.net/exploit.wmv
Other videos related to application security can be viewed from the home page as well: www.appiant.net
It's not available from the web page, but if you want to see the video of Microsoft's response to application security by securing the database:
http://www.appiant.net/sql_security.wmv
No, that video is not a fake; the entire video can be accessed from Microsoft's website - the original is over an hour long, I just edited it down to ~5 minutes so you could get the point in a shorter timeframe.
http://www.microsoft.com/emea/itsshowtime/sessionh.aspx?videoid=31
Any questions, feel free to ask.
Regards,
Joel R. Helgeson
President
Appiant, Inc.
1402 County Road C2 W
Saint Paul, MN 55113
(952) 858-9111
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on May 26 2006
Intro
