"I'd heard of sqlmap but I didn't realize it was so good that you can just hand it a URL that hits the database and the tool basically figures out from there how to dump the database contents if there's any SQL injection vulnerability."
If there's one lesson I'd convey to people about security it is do not underestimate your foes. They've been building tools for decades just like any other discipline.
Tech to find a hole in your system that lets you run an arbitrary-but-constrained fragment of shell code that can put a small executable on to the system that puts a larger executable on that lifts itself up to root and also joins a centralized command-and-control server with the ability to push arbitrary code across entire clusters of owned systems is not some sort of bizarre, exotic technology that people only dream of... it's off-the-shelf tech. It's a basic building block. Actually sophisticated attackers build up from there.
If $YOU're operating on the presumption I see so often that the script kiddies blind-firing Wordpress vulnerabilities at servers is the height of attacker's sophistication $YOU are operating at an unrecoverable disadvantage against these people.
If there's one lesson I'd convey to people about security it is do not underestimate your foes. They've been building tools for decades just like any other discipline.
Tech to find a hole in your system that lets you run an arbitrary-but-constrained fragment of shell code that can put a small executable on to the system that puts a larger executable on that lifts itself up to root and also joins a centralized command-and-control server with the ability to push arbitrary code across entire clusters of owned systems is not some sort of bizarre, exotic technology that people only dream of... it's off-the-shelf tech. It's a basic building block. Actually sophisticated attackers build up from there.
If $YOU're operating on the presumption I see so often that the script kiddies blind-firing Wordpress vulnerabilities at servers is the height of attacker's sophistication $YOU are operating at an unrecoverable disadvantage against these people.