SQL Injection
Recent Activity
Items
-
Security Vulnerability Research & Defense: New tools to block and eradicate SQL injection
The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements
Added by Neil Carpenter, 16 months ago
-
Neil Carpenter's Blog: Anatomy of a SQL Injection Incident, Part 2: Meat
Intro: It would appear that the incident I wrote about yesterday is still ongoing. I've been using a search engine to query for the *.js file that's being injected and it looks something like this: Wednesday: 10K hits (This is Avert's number. I didn't
Added by Neil Carpenter, 16 months ago
-
Neil Carpenter's Blog: SQL Injection Mitigation: Using Parameterized Queries
Michael Howard wrote an excellent article yesterday on how the SDL addresses SQL injection. He walks through three coding requirements/defenses: Use SQL Parameterized Queries; Use Stored Procedures; Use SQL Execute-only Permissions. As Michael points out,
Added by Neil Carpenter, 16 months ago
-
Neil Carpenter's Blog: SQL Injection Mitigation: Using Parameterized Queries part 2 (types and recordsets)
(Part 1 is here) Previously, I provided a simple example of using parameterized queries in classic ASP; however, that sample lacked a few things such as explicit typing for the parameters. It also created a read-only ADODB.RecordSet which, obviously,
Added by Neil Carpenter, 16 months ago
-
Security Vulnerability Research & Defense: SQL Injection Attack
(Special thanks to Neil Carpenter for helping out on this blog post) Recent Trends: Beginning late last year, a number of websites were defaced to include malicious HTML <script> tags in text that was stored in a SQL database and used to generate
Added by Neil Carpenter, 16 months ago
Started Jun. 27, 2008
Rules of this twine
This Twine has open membership.
Comments are allowed.
Members may add items and invite people.