1. What is a PHP Remote File Include (RFI) attack, and why are these prevalent in today’s Internet world?
Remote File Inclusion (RFI) is an attack that targets the computer servers that run Web sites and their applications. RFI exploits are most often attributed to the PHP programming language used by many large firms including Facebook and SugarCRM. However, RFI can manifest itself in other environments and was in fact introduced initially as "SHTML injection". RFI works by exploiting applications that dynamically reference external scripts indicated by user input without proper sanitation. As a consequence, the application can be instructed to include a script hosted on a remote server and thus execute code controlled by an attacker. The executed scripts can be used for temporary data theft or manipulation, or for a long term takeover of the vulnerable server.
2. What country is the top host of SQL Injection and SQL Slammer infections? Why can’t the US Government do anything to prevent these injection attacks and infections?
China was by far the number one country hosting SQL-injection attacks with 54.4%. The firm said that it also saw a number of client-targeted attack attempts to exploit Flash and Acrobat reader due to the growing popularity of Adobe applications.
Remediating SQL injection vulnerabilities requires much more than simply understanding how to implement technical fixes. Development and security teams face numerous obstacles that can prevent them from adequately addressing the problem. And the sad fact of the matter is, if not addressed completely, web applications are still vulnerable. However, by understanding these challenges, organizations can begin to address them directly and better enable developers and security professionals to remediate SQL injection.
3. What does it mean to have a policy of Nondisclosure in an organization?
A non-disclosure agreement (NDA) is a signed formal agreement in which one party agrees to give second party...