Network Security: Detailed info on Re: ISA Server and SQL Injection

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: ISA Server and SQL Injection

from [Paul Johnston] Network Security

[Permanent Link]

Subject:	Re: ISA Server and SQL Injection
Date:	Thu, 24 Feb 2005 16:11:06 +0000

Hi Mark,

Curphey> Building secure software IMHO is not just about getting the code right. I think any good system should be designed to handle failure. That goes from structured exception and error handling through to compartmentalizing and restraining components. The crux of it is that software IMHO has to protect itself.

Wise words.

Just looking back at your original email, I think you were really attacking not application firewalls, but the exaggerated claims many vendors use. And on that I have to agree with you.

Your name's kind of familiar, have our paths crossed before?

Did you read my paper? http://www.westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf

Regards,

Paul

--
Paul Johnston, GSEC
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection], (continued) Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection], David Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection], Jeremiah Grossman storing SSNs, CCNs, password in the DB, Francesco Re: storing SSNs, CCNs, password in the DB, Adam Shostack Re: storing SSNs, CCNs, password in the DB, Francesco Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection], Jeff Williams Re: ISA Server and SQL Injection, Paul Johnston RE: ISA Server and SQL Injection, Mark Curphey Re: ISA Server and SQL Injection, Paul Johnston RE: ISA Server and SQL Injection, Mark Curphey Re: ISA Server and SQL Injection, Paul Johnston <= Re: ISA Server and SQL Injection, Stephen de Vries Object Caching with IE 6 XP SP2, Don Tuer Copying files from one server to another., Eric Boughner Re: Copying files from one server to another., Michael Sztachanski RE: Copying files from one server to another., dave kleiman Re: Copying files from one server to another., David

Previous by Date:	Passing Credentials in the clear- Possible fixes, Jeff
Next by Date:	Object Caching with IE 6 XP SP2, Don Tuer
Previous by Thread:	RE: ISA Server and SQL Injection, Mark Curphey
Next by Thread:	Re: ISA Server and SQL Injection, Stephen de Vries
Indexes:	[Date] [Thread] [Top] [All Lists]