GUI Tool Reveals SQL Injection Vulnerabilities
Written by Kay Ewbank   
Wednesday, 14 December 2011

A free utility that you can use to demonstrate SQL injection vulnerabilities in web apps has been released by web security specialists, NT OBJECTives.

NTO SQL Invader is interesting because it isn't designed to find the vulnerability; instead, the aim is to give you a way to show how the vulnerability could be exploited.

 


The announcement of the utility explains the need for the tool by saying that when a vulnerability has been detected, it has been difficult to work out if it can actually be exploited. The reasoning is that most existing SQL Injection testing tools are executed from a command line and “lack an intuitive user interface”. In other words, if you can’t show the problem in a pretty web page, people won’t really believe it exists. As the announcement says:

“without the ability to clearly demonstrate the exploitability of a vulnerability, remediation efforts are often delayed and friction between security and development teams surfaces.”

Who’d have thought it?

NTO SQL Invader, by contrast, lets you make use of the vulnerability to show the list of records, tables and user accounts on the back-end database. This can then be used, says NT OBJECTives, in “executive meetings and remediation discussions.” The announcement goes on to say that because the data is shown in this way, it is easy for both technical and business viewers to understand.

So the underlying message is that even if you show executives the results of a command-line tester, they'll ignore them, but show them a really professional-looking screenshot and they'll take notice.

Sad, but probably true.

 


More Information:

NTO SQL Invader Download

 

Last Updated ( Wednesday, 14 December 2011 )