by Oliver Wai, Product Marketing Manager
The recent news of the capture of a Romanian hacker (aka TinKode), who had allegedly published details of SQL injection vulnerabilities discovered on Pentagon, NASA, and Royal Navy targets, brings SQL injection back into the news cycle. SQL injection may be one of the oldest techniques in a hacker’s toolkit, but it remains an effective tool against websites. For those who may not be familiar with SQL injections, these are essentially database code snippets passed through web application forms so that the attacker can change the context of the underlying application code in order to execute malicious commands against the database.
Developers today are well aware of the risks of SQL injections and other vulnerabilities, and many practice defensive coding methods to minimize the risk of vulnerabilities. However, even with recognition of the risk and training, it is still very difficult to produce 100% bulletproof web application code. This is due to:
- Aggressive release or go-to-market schedule
- Complexity of the numerous languages required to build Web applications
- Use of different teams of people to develop different portions of the application
The prevalence of weaknesses such as SQL injection may make you wonder why there isn’t more emphasis on the deployment of Web Application Firewalls (WAFs) by organizations to provide an additional layer of protection. While it is very important to use code scanners to identify and fix vulnerabilities at the source, advanced WAFs like the Barracuda Web Application Firewall provide a layer of dynamic protection against any potential vulnerability in your applications. The Barracuda Web Application Firewall, with its Energize Updates (EU) infrastructure, provides real-time protection against the latest Web application threats. Backed by Barracuda Labs, when new Web application vulnerabilities are detected in the wild, Barracuda Central pushes out new security definitions that automatically update all Barracuda Web Application Firewalls worldwide.
In short, the Barracuda Web Application Firewall provides a dynamic security enforcement layer which prevents the exploitation of known and new vulnerabilities. This capability is available on all models of the Barracuda Web Application Firewall. To learn more about Barracuda’s Energize Update infrastructure, visit: http://www.barracudanetworks.com/ns/support/energize_updates.php
