Some important facts: Heartland does not use encryption (thus bypassing its PCI DSS 3.1 requirement), Heartland does not provide authentication and authorization, Heartland did not disclose this problem by sending out a patch or in an SEC filing, Heartland never told retailers where they could find their card numbers, and the breach may have caused some merchants to stop doing business with Heartland.
Database application developers often encounter the same types of problems, and techniques can be learned from similar problems discovered in different applications. PCI DSS adherence is also generally a good measure of security going forward, so by effectively exploiting this problem, you can demonstrate your knowledge of an important issue and your commitment to PCI DSS.
By using the web browser as a penetration testing tool, we can reveal vulnerabilities and gain sensitive information such as usernames and passwords. The types of web application attacks are familiar to people who work with web technologies, but this vulnerability and exploit, which uses a simple SQL injection attack to compromise a database server, may be new for some. Attacks like this have been carried out against databases in the past, but it is worth writing about as it is a great example of exploiting a very simple weakness.
They add all these little things; we are probably technical teams organizing the computing and advising, as thoroughly as possible, the person who has been put in charge, and I, as far as ceilings are concerned, must go a little deeper in order to have the support of the furthest reaches of the system.
It is clear that there are customer requirements for computing which imply that customers are able to identify themselves, and the requirements include, at the very least, a basic knowledge of a database.