RE: SQL injection

From: Faiz Ahmad Shuja (faiz@honeynet.org.pk)
Date: Sun Jun 12 2005 - 14:55:40 EDT


> Whilst I agree with the notion that bad coding is the main thing to avoid
> as far as SQL Injections are concerned (or any other vulnerability for
> that matter), there is a question that begs to be answered. For "Service
> Providers" (emphasis supplied), providing secure hosting infrastructure,
> can only be in my opinion on the Layer 2/3 front. On the Application Layer
> (Layers 4-7) it is very hard for a service provider to provide secure
> solutions to code for which we have no "a priori" knowledge.

Well, that's the reason some of the MSPs offer in-depth application
penetration testing to their clients with secure hosting. They regularly
audit their systems and applications for maximum security.

At a certain point, you have to stop relying on automation (i.e. firewalls,
IDS, IPS, etc.) and start using human eyes to catch anomalies.

Regards,
Faiz



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:24 EDT