Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: asp source code exposure

from [Lehman, Jim] Network Security [Permanent Link]
Subject: RE: asp source code exposure
Date: Wed, 31 May 2006 11:52:05 -0700 
I think Microsoft provides a tuil called url scan, but... it is behind a
F5 BigIP. I set an iRule to filter the regex. That fixed the issue

-----Original Message-----
From: foo@bar.com [mailto:foo@bar.com] 
Sent: Tuesday, May 30, 2006 11:17 AM
To: security-basics@securityfocus.com
Subject: Re: asp source code exposure

Can't you use regular expressions and do URL filtering on the server
side with IIS? Apache has the functionality to match requests and filter
them accordingly, such as SetEnvIf Request_URI "REGEX" blah ? just scan
urls for the addition of :$DATA and boom your pretty safe.



 DISCLAIMER: This message (including any files transmitted with it) may contain 
confidential and/or proprietary information, is the property  of Interactive 
Data Corporation and/or its subsidiaries, and and is directed only to the 
addressee(s). If you are not the designated recipient or have reason to believe 
you received this message in error, please delete this message from your system 
and notify the sender immediately. An unintended recipient's disclosure, 
copying, distrbution, or use of this message or any attachements, is prohibited 
and may be unlawful.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: asp source code exposure, Lehman, Jim <=
Previous by Date:  RE: AD Policy audit tool for Windows 2000, Roger A. Grimes
Next by Date:  RE: Firewalll LAN port and switch port, Roger Onken
Previous by Thread:  Re: 3G cards and security..., Michael Puchol
Next by Thread:  RE: Firewalll LAN port and switch port, Roger Onken
Indexes:  [Date] [Thread] [Top] [All Lists]