A researcher at Core Security Technologies Inc. has developed a new automated hacking technique that enables hackers to easily seek out and exploit SQL injection vulnerabilities, common coding errors being widely exploited by attackers. The research, conducted by Core researcher Sebastian Cufre, could aid vulnerability hunters by speeding up the discovery of SQL injection vulnerabilities so they can be fixed before attackers use them. Cufre couldn't attend the conference, so CoreLabs researcher Fernando Federico Russ demonstrated the black-box technique at the 2010 CanSecWest Applied Security Conference. "This helps find and exploit SQL injection vulnerabilities in an automatic way," Russ said. "The coolest ...