Analysis of the Havij SQL Injection tool

 
Havij, an automatic SQL Injection tool, is distributed by ITSecTeam, an Iranian security company. The name Havij means “carrot”, which is the tool’s icon. The tool is designed with a user-friendly GUI that makes it easy for an operator to retrieve the desired data. Such ease of use may be the reason behind the transition from attacks deployed by code-writing hackers to those by non-technical users. Havij was published during 2010, and since its release, several other automatic SQL Injection tools (such as sqlmap) have been introduced. However, Havij is still active and commonly used by both penetration testers and low-level hackers. Havij traffic is easily ...

The Latest SQL Injection Trends

 
SQL injection attacks, in which malicious SQL statements are inserted into an entry field for execution, are one of the most common attack vectors across the globe. SQL injections exploit security vulnerabilities in an application’s software and can be used to attack any type of SQL database. In the past year, Check Point has created several adjusted SQL injection protections for our IPS software blade. By analyzing the traffic that triggered these protections in networks monitored by Check Point’s Managed Security Service, we can see the current trends and patterns in SQL injection attack attempts. SQL injection through ...