aspx applications SQL Injection

From: Mohamed Ali (rxmohamed@hotmail.com)
Date: Tue Oct 12 2004 - 04:24:23 EDT


Hi all,

I did a full pen-test on my client’s web application and I can get almost
all the data and data dictionary information I need by exploiting SQL
injection vulnerabilities they have in many dynamic pages.

The question is: when I discussed these issues with the IT people, they
recommended not solving any of them but just converting to .Net technology.
I’m not familiar with .Net tech, but this recommendation sounds weird to me.
IS THERE ANY WAY TO PROVE THAT THEIR RECOMMENDATION IS NOT ENOUGH TO PREVENT
UNAUTHORIZED ACCESS THROUGH SQL INJECTION? (Their platform: IIS, SQL Server
and Oracle.)

Any suggestions would be appreciated.

Thanks

Ahmed Rashad
IT Audit Manager
Experts.ae
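
Added example, not part of the original post: a C# sketch of why converting to .NET does not by itself remove SQL injection. A query built by string concatenation in ADO.NET lets input change the statement exactly as in classic ASP, while a bound parameter keeps the statement fixed. The `users` table, its columns, the class and helper names and the sample names are constructed for illustration; the code assumes `System.Data.SqlClient` is available (built into .NET Framework) and opens no database connection.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class MigrationCheck
{
    // Pattern carried over unchanged from classic ASP:
    // user input is concatenated into the SQL text.
    static SqlCommand BuildConcatenated(string name)
    {
        return new SqlCommand(
            "SELECT id, email FROM users WHERE name = '" + name + "'");
    }

    // Same query with the value bound as a typed parameter.
    // The SQL text is a constant; the input travels separately as data.
    static SqlCommand BuildParameterized(string name)
    {
        var cmd = new SqlCommand(
            "SELECT id, email FROM users WHERE name = @name");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 64).Value = name;
        return cmd;
    }

    // Review/test heuristic (hypothetical helper): if the statement text
    // differs between two inputs, the query is being built from input.
    static bool SqlTextVariesWithInput(Func<string, SqlCommand> build)
    {
        return build("alice").CommandText != build("O'Brien").CommandText;
    }

    static void Main()
    {
        // Constructed input: an ordinary name that contains an apostrophe.
        string input = "O'Brien";

        SqlCommand c = BuildConcatenated(input);
        SqlCommand p = BuildParameterized(input);

        // The apostrophe ends the string literal early in the first query.
        Console.WriteLine("concatenated : " + c.CommandText);
        Console.WriteLine("parameterized: " + p.CommandText
            + "  [@name = " + p.Parameters["@name"].Value + "]");

        Console.WriteLine("concatenated text varies with input : "
            + SqlTextVariesWithInput(BuildConcatenated));   // True
        Console.WriteLine("parameterized text varies with input: "
            + SqlTextVariesWithInput(BuildParameterized));  // False
    }
}
```

The same distinction applies to the Oracle back end: what matters is whether each data access call binds its inputs, not which framework hosts the page.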




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:07 EDT