A couple of weeks ago I did a free webinar on Pluralsight titled “Why SQL Injection Remains the #1 Web Security Risk Today (and what you should know about it)”. This is a rather self-explanatory title and it’s completely true – SQL injection remains a big thing and we keep getting it wrong. Like an example? Only 8 months ago, Drupal had a major vulnerability in their product. If you’re not already familiar with Drupal, it allegedly powers 2.1% of the world’s websites… including WhiteHouse.gov. But here’s the really scary bit from their announcement:
“You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.”
Wait – so I go to bed and everything is fine, then I get up and have to assume all my data has been sucked out or modified or, well, basically anything, because that’s what SQL injection risks mean!? This is an enormously dangerous attack, which is why the first Ethical Hacking course I produced for Pluralsight is on SQL injection. To kick it off, we decided to do the aforementioned webinar, which is now available for everyone to watch for free right here.
If you’d like to watch the full course, then jump on over to Ethical Hacking: SQL Injection.