LDAP Injection

The amount of data stored in organisational databases has increased rapidly in recent years due to the rapid advancement of information technology. A high percentage of the data is sensitive, private and critical to those organisations, their clients, suppliers and partners.

Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitising user inputs first.

Compact & versatile: The quad-core 4-bay M.2 SATA SSD NASbook that provides quick and easy access to cloud storage

Compact & versatile: The quad-core 4-bay M.2 SATA SSD NASbook that provides quick and easy access to cloud storage

The compact, near-silent, and versatile TBS-453DX M.2 SSD NASbook is ideal for office meetings and multimedia applications. With CacheMount, you can map multiple cloud storages and enable caching to work with online files as fast as the files stored on your TBS-453DX

SQL injection

SQL injection

Although a common problem with web applications, this vulnerability can affect any application that communicates with a database management system via Structured Query Language.

A SQL injection occurs when the application fails to properly sanitize user-supplied input used in SQL queries. In this way an attacker can manipulate the SQL statement that is passed to the back-end database management system. This statement will run with the same permissions as the application that executed the query.

New 25GbE QNAP NIC

New 25GbE QNAP NIC

QNAP® Systems, Inc. today unveiled the new dual-port 25GbE QXG-25G2SF-CX4 and 10GbE QXG-10G2SF-CX4 network NICs. Featuring Mellanox® ConnectX®-4 Lx SmartNIC controllers, these cards can greatly boost file transfer speeds and also support iSER (iSCSI Extension for RDMA) to optimize VMware virtualization. Both cards are PCIe Gen3 ×8 and can be installed in a Windows®/Linux® PC or compatible QNAP NAS. 

The main steps of a penetration testing

The main steps of a penetration testing

There are different technologies and challenges during the penetration testings and they range between new web applications to relatively outdated systems. Most of known vulnerabilities such as SQL injections, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML injections, Security Misconfiguration and Path Traversal are usually found during a penetration testing.

QNAP Launches the TR-004

QNAP Launches the TR-004

QNAP® Systems, Inc. (QNAP), a leading computing, networking and storage solution provider, today launched the TR-004, a 4-bay hardware RAID storage expansion device that can be attached to PC or NAS via USB 3.0 Type-C. The multipurpose TR-004 can be used to add storage space to a QNAP NAS, and can also serve as hardware-based RAID storage for PCs and NAS. The TR-004 offers convenient cross-platform file sharing and high flexibility for users, acting as a high-efficiency and intuitive storage expansion option.