SQL Injection Flaws on Web Sites Lead to Biggest Data Breach in History

A Russian cyber gang, dubbed CyberVors by Hold Security (which identified the data breach), has stolen over 4.5 billion records, mostly containing user credentials, from over 420,000 web and FTP sites. This represents the largest known data breach in history, with dire implications. The CyberVors accomplished this by gaining control of a botnet (a large group of virus-infected computers controlled by one criminal system), which they used to identify SQL injection vulnerabilities on the sites they visited.

How to protect yourself and your company

Individuals – Change your credentials using strong passwords.  See this PC Magazine article for some best practices – Creating Strong Passwords

Companies – Check your web site(s) for vulnerabilities. The CyberVors found sites vulnerable to SQL injection, which is one of the most common vulnerabilities found on web sites. Alliance Technology Partners specializes in web security and is the Acunetix Preferred Partner. We sell, train, and consult IT and security professionals on how to use Acunetix. We have the only security engineers directly trained by Acunetix in the US. We also offer pen testing and audit services.

About Alliance Technology Partners

Alliance is an IT solution provider based in St. Louis that specializes in web security. We help Fortune 1000 companies and the government (federal, state, and local) secure their web sites. We offer web vulnerability software (Acunetix) as well as our expertise to assist our clients in their mission to secure their networks. We offer training and ongoing consulting options.

Why we chose the Acunetix Web Vulnerability Scanner

We at Alliance have helped our clients with their IT security for several years and came across Acunetix in 2007. We immediately saw value in the product. We had been using open source tools (like Burp, which are still helpful), but Acunetix has some big advantages. Acunetix is much more efficient and offers a full range of features. It is also highly configurable, so you can perform scans that require authentication and do it in a safe and thorough way. It also tests for the latest vulnerabilities, which is crucial. Many open source tools are unreliable and take more time. Another major advantage of Acunetix is price. It is substantially less expensive than other tools, yet Acunetix continues to innovate and remains a leader in the web application security space.

Here are some important features we like about the Acunetix Web Vulnerability Scanner:

  • AcuSensor Technology
  • Industry’s most advanced and in-depth SQL injection and cross-site scripting testing
  • Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
  • Visual macro recorder makes testing web forms and password protected areas easy
  • Support for pages with CAPTCHA, single sign-on and two-factor authentication mechanisms
  • Extensive reporting facilities including PCI compliance reports
  • Multi-threaded and lightning fast scanner – processes thousands of pages with ease
  • Intelligent crawler detects web server type, application language and smartphone-optimized sites
  • Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
  • Port scans a web server and runs security checks against network services running on the server