SQL Injection Vulnerability
This was a site that was compromised by an SQL injection attack. Netsparker found the vulnerability and was able to detect the injected SQL code.
A user-agent injection vulnerability, uncovered using Netsparker
Upon testing a user-agent injection vulnerability at a site, Netsparker was able to recover the malicious code. No further action was required.
Bot Attacks
Many penetration testers are occasionally confronted with the odd case of a bot attack. Often, this is the intruder trying to gain access to a privileged account. Bot attacks can be targeted at a specific website, an organisation or a specific individual. Netsparker was recently used to test a targeted bot attack against a large number of websites. The use of Netsparker to uncover vulnerabilities was restricted to our internal use only.
Over-secure organisations like yours can be a big pain. By implementing techniques such as XSS and SQL injection testing, as well as using behavioural or web application testing, you can avoid getting caught out in the event of a vulnerability.
Unbeknownst to me, when I was working on the InternetWatchdog video series, we actually used a few products to find injection vulnerabilities. One of those products was Tucows, a web hosting and domain service provider that I have used for years.