Feds' demand for software standards could boost enterprise security - networkworld.com
The hacker retrieved the information via a SQL injection attack, in which an attacker submits SQL commands through an online form or via URL parameters. These attacks are part of a general injection attack class listed as the No. 1 form of web application attack by the Open Web Application Security Project (OWASP), and attackers have been exploiting them for over a decade.

"We were aware of a vulnerability in this area and patched it last week. We are also proceeding to undertake a full security audit," said Gab CEO Andrew Torba in a blog post about the incident. "We do not currently have independent confirmation that such a breach has actually taken place and are investigating."