Common Exploits
Aaron Cure, Cypress Data Defense

SQL Injection

What is it? The inclusion of portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker).

Session Fixation

Permits an attacker to hijack a valid user session. When authenticating a user, the web application doesn't assign a new session ID, making it possible to use an existing session ID.
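
The session ID handling described above, shown as an added example that is not part of the original slides: a login that keeps the pre-login session ID next to one that issues a new ID on authentication. The SessionStore class, its method names and the user name are hypothetical, constructed for this illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session store (constructed for this example)."""

    def __init__(self):
        self._sessions = {}  # session ID -> session data

    def create(self):
        """Issue an unauthenticated session, as a site does on a first visit."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login_keep_id(self, sid, user):
        """Vulnerable: the pre-login session ID stays valid after authentication."""
        self._sessions[sid]["user"] = user
        return sid

    def login_rotate_id(self, sid, user):
        """Hardened: retire the pre-login ID and issue a fresh one on authentication."""
        data = self._sessions.pop(sid)  # the old ID is no longer accepted
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def id_known_before_login_is_authenticated(login_method_name):
    """True if an ID that existed before login maps to a logged-in user afterwards."""
    store = SessionStore()
    pre_login_sid = store.create()                       # ID in circulation before login
    getattr(store, login_method_name)(pre_login_sid, "alice")  # constructed user name
    session = store.get(pre_login_sid)
    return session is not None and session["user"] == "alice"


if __name__ == "__main__":
    print("keep ID   ->", id_known_before_login_is_authenticated("login_keep_id"))
    print("rotate ID ->", id_known_before_login_is_authenticated("login_rotate_id"))
```

The same check works as a regression test against a real application: record the session cookie before login, authenticate, and confirm the recorded value is rejected afterwards.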