Three men, responsible for the largest data security breach in U.S. history, stole 130 million credit and debit card numbers from five leading companies. They took advantage of a coding error, and allegedly used a SQL injection attack to compromise a web application, which was used as the starting point to help them bypass company network firewalls and gain access over companies’ networks.
One of the main problems large enterprises are facing is that although SQL injection errors are relatively easy to find, they are difficult and costly to fix. Developers need to have proper security skills, and keep security in mind when developing custom web applications. Although automated web vulnerability scanners such as Acunetix WVS must always be accompanied by manual penetration testing, they help developers in saving time in securing their web applications and sharpen their security skills, to develop secure web applications before they are pushed into a production environment.
Unfortunately, while hackers used to hack websites to measure their abilities, and for the thrill hacking brings along with it, nowadays, websites and web applications are a money making target. This is because most of these web applications form part of an organization’s perimeter network, and once compromised, they are used as a base to launch further attacks to gain access over an entire organization's network.