Sanitisation of user input is essential for preventing SQL injection, regardless of the format of the supplied data. Today I'm going to look at SQL injection through a more obscure injection point: serialized PHP arrays. Taking inspiration from a finding in a recent test, I've created a small app which allows the user to upload a CSV file. This file is then converted to a PHP array, serialized and returned to the user as a hidden form field. Finally, this is posted back to the application where the supplied data is inserted into the MySQL database.
Another ransomware attack hits, this time on a scale never seen before. The spread has gone viral across a large and crucial network – the network underpinning the UK's National Health Service.
There are three main differences between this attack and previous ransomware incidents.
Ever wondered if you're prepared for a cyber security incident? This week, one of our Directors, Gemma Moore, is guiding you through incident preparation and handling.
Follow us on Twitter for the mini-how-to series, and view the previous blogs here:
There is some confusion surrounding Cyber Essentials; what it is, why people need it and often there is a misinterpretation that Certifying Bodies are responsible for the schemes rules. Cyber Essentials is a relatively new certification. It has been mandated since October 2014 for UK government suppliers, although it is not limited to them, non-government organisations are encouraged to seek to obtain the certification.