SQL Injection through SQLMap Burp Plugin

SQL Injection (SQLi) is a web-based attack used to steal sensitive information from organizations through their web applications, and it remains one of the most common application-layer attacks. It takes advantage of improperly coded web applications: the attacker supplies SQL syntax in a user-input field, and the application concatenates that input into a query it sends to the database. The underlying cause is that the text entered in the input fields is not kept separate from the SQL statement, so attacker-supplied text can alter the query and interact with, or query, the database directly.

For example, consider a web application that implements a form-based login and validates each login attempt with a simple SQL query against the table of stored user credentials. A typical query looks like this:

select * from users where username='admin' and password='admin123';

If the attacker knows that the application administrator's username is admin, he can log in as admin by entering admin'-- as the username and any value at all (or nothing) as the password. The query executed in the back end then looks like:

select * from users where username='admin'--' and password='xxx';

Note that the comment sequence (--) causes the rest of the query to be ignored, so the query that actually executes is equivalent to the one below. (One caveat when testing: on MySQL the -- sequence must be followed by a space to be treated as a comment, and # is also accepted there, so the payload is adjusted to the database in use.)

select * from users where username='admin';

Hence the password check is bypassed and the attacker is logged into the app as admin. SQL Injection can be tested in two ways: manual pen-testing and automation with a tool such as SQLMap.
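As an added, runnable illustration of the bypass described above (this is editor-added example code, not code from the original article or from SQLMap), the following Python script builds a throwaway in-memory SQLite table with one constructed admin account, runs the article's query the vulnerable way (string concatenation) and the hardened way (a parameterized query), and shows that the admin'-- payload only succeeds against the former. The table name, column names and credentials are assumptions chosen to match the article's example.

```python
import sqlite3

# The payload from the article: closes the string literal, then comments
# out the remainder of the query (SQLite, like SQL Server, accepts "--").
PAYLOAD = "admin'--"


def make_db():
    """In-memory users table with one constructed account (not real data).

    Plaintext passwords mirror the article's example only; real systems
    store a salted hash.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'admin123')")
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """String concatenation: user input becomes part of the SQL grammar."""
    return ("select * from users where username='" + username
            + "' and password='" + password + "'")


def vulnerable_login(conn, username, password):
    """Mirrors the article's flawed check: True if any row matches."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None


def safe_login(conn, username, password):
    """Parameterized query: input is bound as data, never parsed as SQL."""
    row = conn.execute(
        "select * from users where username=? and password=?",
        (username, password),
    ).fetchone()
    return row is not None


def demo():
    """Run both checks against the payload and return the outcomes."""
    conn = make_db()
    return {
        "query_seen_by_db": build_vulnerable_query(PAYLOAD, "xxx"),
        "vulnerable_bypassed": vulnerable_login(conn, PAYLOAD, "xxx"),
        "safe_bypassed": safe_login(conn, PAYLOAD, "xxx"),
        "safe_valid_creds": safe_login(conn, "admin", "admin123"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The parameterized version is the fix: the driver sends the statement and the values separately, so the quote and comment characters in the payload are compared against the username column as literal text and never reach the SQL parser.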

Read the full article: http://www.securitylearn.net/tag/sqlmap-tutorial/

Hope this will help!

Deploying SQL Server databases alongside your application just got easier

When the time comes to deploy your application and database changes, ReadyRoll and Octopus Deploy make a great team.

ReadyRoll is a Visual Studio plug-in that automatically generates numerically ordered SQL migration scripts for you, so that you take your schema from one version to the next.

Use ReadyRoll to carefully prepare your database migrations: column additions, stored procedure changes, SQLCLR assemblies, or static data.

Add the changes to version control, and then use Octopus Deploy to automate the release of your database and application deployments, all in one process.

Read more documentation here.

Hope this will help!

Configuring IIS 7 compression

Using compression is one of the most effective ways to reduce page load times. The responses that .aspx pages send to the browser consist of HTML, which compresses very well with algorithms such as gzip. Because of this, modern web servers, including IIS 5 and later, can compress outgoing responses, and modern browsers can decompress them.

Both IIS 6 and IIS 7 offer advanced compression-related options that improve your site's performance and make better use of your servers and bandwidth. Unfortunately, these options are not always easy to access. This article series shows step by step how to unlock them.

In the first article of this two-part series we focus on configuring IIS 7 compression. If you are used to IIS 6, you will find that IIS 7 offers many new features, including the ability to cache not only compressed static files but also compressed dynamic responses. One caveat before enabling dynamic compression: compressing responses that mix attacker-controlled input with secrets (such as anti-forgery tokens) over TLS exposes those secrets to compression side-channel attacks like BREACH, so scope dynamic compression to content types and pages where that does not apply. If you still use IIS 6, the next article in the series shows how to configure IIS 6 compression.

This article is based on chapter 10, Compression, of my book ASP.NET Site Performance Secrets.

Read the full article: Configuring IIS 7 compression, by Matt Perdeck

Hope this will help!