Attackers are increasingly using encoding to sneak their SQL injection, cross-site scripting attacks past Web security
By Kelly Jackson Higgins
Senior Editor, Dark Reading
A sneaky form of Web attack is emerging that masks the more popular methods used by attackers today.
Encoded SQL injection and cross-site scripting (XSS) attacks are becoming all the rage as Web defenses are getting better at catching these popular scripting attacks, according to WhiteHat Security’s Website security statistics report released today. “Your garden variety SQL and XSS is being replaced by encoded versions” of them, says Jeremiah Grossman, CTO of WhiteHat Security. “Any injection-style attack can be encoded using 100 different techniques and variations.”
Attackers have begun hiding the malicious code by encoding so they can keep using these old-school attacks, which organizations are getting better at detecting in the clear, says Grossman.
Attackers are increasingly using encoding to sneak their SQL injection, cross-site scripting attacks past Web security
By Kelly Jackson Higgins
Senior Editor, Dark Reading
A sneaky form of Web attack is emerging that masks the more popular methods used by attackers today.
Encoded SQL injection and cross-site scripting (XSS) attacks are becoming all the rage as Web defenses are getting better at catching these popular scripting attacks, according to WhiteHat Security’s Website security statistics report released today. “Your garden variety SQL and XSS is being replaced by encoded versions” of them, says Jeremiah Grossman, CTO of WhiteHat Security. “Any injection-style attack can be encoded using 100 different techniques and variations.”
Attackers have begun hiding the malicious code by encoding so they can keep using these old-school attacks, which organizations are getting better at detecting in the clear, says Grossman.
