David Maciejak, Fortinet
Guillaume Lovet, Fortinet
Looking back, the past year has seen botnet-powered SQL injection attacks reach rampant levels, with malicious code injection campaigns sparing no category of website. With several million reported attempts from several hundred thousand IP addresses, and successfully compromised websites ranging from MTV to the Canadian National Defence, few other threats can boast as high a profile.
This paper dissects the attack at a fairly technical level, elaborates on its evolution up to now, and discusses the protection and mitigation strategies relevant to its class.