Planet MySQL
Showing entries 1 to 5

Displaying posts with tag: xss

How To Fight Clickjacking (Using The Recent Twitter Hijacking As An Example)


Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function (credit: Wikipedia).

Clickjacking is hard to combat. From a technical standpoint, the attack is executed using a combination of CSS and

  [Read more...]
Database Security Using White-Hat Google Hacking

Here are the slides and links I am using for the “Database Security Using White-Hat Google Hacking” at the 2008 MySQL Users Conference and Expo.

pdf slides

Where to Start:

for the impatient

Google’s Terms of Service
Google Operators

More Googlehacks to run:
Page 35 of

  [Read more...]
We did talk about Web-2.0 Security

On Tuesday our CIO, Johann-Peter Hartmann, gave a Web-seminar about security issues in the Web 2.0 era. We had about 140 participants and some very good questions in the following Q&A Session. We would like to thank you for the response and also we'd like to thank Jürgen from MySQL, our webinar-host.

We uploaded our slides as promised. To download them, click here.

If you missed the Web-Seminar you get a chance to see the recording of it here (
But be aware: It's in German!!!

For English readers/speakers: Johann held an English security talk some time ago. Find it here

  [Read more...]
Web-2.0 Security

Hi Folks,

This is an announcement for a webinar in German. Therefore only written in German. If you are interested in the security topic be sure to see the English webinar, which is stored here. (


Securing Web 2.0 Applications

The improved usability of Web 2.0 applications comes at the cost of new security problems. Both the powerful logic in JavaScript and the permanent login on many sites carry risks that must be answered differently and in a targeted way. This web seminar gives an overview, assesses the problems and presents solutions.

If you develop Web 2.0 and AJAX applications, this talk is exactly right for you! Here you will learn

  [Read more...]
Code Inclusions on a Silver Plate

Looking for code inclusions?
The versatile Google cluster has a solution for this, like for many other tasks.
This search

lang:php \secho\([^)]*_REQUEST[^)]*\);
lets you find various places where some variable from the superglobal $_REQUEST is printed with echo. By the same means, you can easily find places where such a variable is directly included in an SQL query, for instance with
lang:php \smysql_query\([^)]*_REQUEST[^)]*\);
This alone yields 50 results for each

  [Read more...]
Planet MySQL © 1995, 2014, Oracle Corporation and/or its affiliates