Prepare yourself for "time bomb" exploits that attack web-based systems at a pre-determined time. . . .
Prepare yourself for "time bomb" exploits that attack web-based systems at a pre-determined time.

A recent whitepaper, Second-order Code Injection Attacks, by UK security consultancy NGS Software (NGS) explains how new techniques for attacking web-based applications alter the security landscape. Gunter Ollmann, professional services director at NGS, and author of the paper, explains: "Many forms of code injection targeted at web-based applications (for instance cross-site scripting and SQL injection) rely upon the instantaneous execution of the embedded code to carry out the attack. [But] in some cases it may be possible for an attacker to inject their malicious code into a data storage area that may be executed at a later date or time".

The link for this article located at TheRegister.co.uk is no longer available.