Network Security: Detailed info on RE: Pen-testing AS400 DB2 LANSA

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

RE: Pen-testing AS400 DB2 LANSA

from [Amichai Shulman] Network Security

[Permanent Link]

Subject:	RE: Pen-testing AS400 DB2 LANSA
Date:	Wed, 22 Jun 2005 09:32:31 +0200

We did a pen-test on a web application a while ago that used DB2 on
AS400 as backend database. Found SQL injection to work much like with
any other database. Interesting thing though was that we invoked a
denial-of-service attack against the AS400 by injecting a computation
intensive query.

Amichai Shulman
CTO




Imperva, Inc.
12 Hachilazon St.
Ramat Gan


(972)-3-6120133 x103 Office
(972)-3-7511133 Fax
(972)-50-6544451 Mobile
shulman@imperva.com


-----Original Message-----
From: eoin.keary@owasp.org [mailto:eoin.keary@owasp.org] 
Sent: Wednesday, June 15, 2005 3:34 PM
To: pen-test@securityfocus.com
Subject: Pen-testing AS400 DB2 LANSA


Hi,
anyone have any knowledge on SQL injection for a AS400 running DB2?

Eoin

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Pen-testing AS400 DB2 LANSA, eoin . keary RE: Pen-testing AS400 DB2 LANSA, Amichai Shulman <= RE: Pen-testing AS400 DB2 LANSA, Eoin Keary RE: Pen-testing AS400 DB2 LANSA, Amichai Shulman

Previous by Date:	Re: Risks associated to branch office IPSec devices, Chris Byrd
Next by Date:	RE: Pen-testing AS400 DB2 LANSA, Eoin Keary
Previous by Thread:	Pen-testing AS400 DB2 LANSA, eoin . keary
Next by Thread:	RE: Pen-testing AS400 DB2 LANSA, Eoin Keary
Indexes:	[Date] [Thread] [Top] [All Lists]