Three men, responsible for the largest data security breach in U.S. history, stole 130 million credit and debit card numbers from five leading companies. They took advantage of a coding error, and allegedly used a SQL injection attack to compromise a web application, which was used as the starting point to help them bypass company network firewalls and gain access over companies’ networks. One of the main problems large enterprises are facing is that although SQL injection errors are relatively easy to find, they are difficult and costly to fix. Developers need to have proper security skills, and keep security in mind when developing custom web applications. Although automated web vulnerability scanners such as Acunetix WVS must always be accompanied by manual penetration testing, they help developers in saving time in securing their web applications and sharpen their security skills, to develop secure web applications before they are pushed into a production environment.
Read the original here:
SQL injection used in the largest data security breach in U.S. history to date