Penetration Testing mailing list archives
RE: SQL injection
From: Faiz Ahmad Shuja <faiz () honeynet org pk>
Date: Sun, 12 Jun 2005 23:55:40 +0500
Whilst I agree with the notion that bad coding is the main thing to avoid as far as SQL Injections are concerned (or any other vulnerability for that matter), there is a question that begs to be answered. For "Service Providers" (emphasis supplied), providing secure hosting infrastructure, can only be in my opinion on the Layer 2/3 front. On the Application Layer (Layers 4-7) it is very hard for a service provider to provide secure solutions to code for which we have no "a priori" knowledge.
Well, that's the reason some of the MSPs offer in-depth application penetration testing to their clients with secure hosting. They regularly audit their systems and applications for maximum security. At a certain point, you have to stop relying on automation (i.e. firewalls, ids, ips, etc) and start using human eyes to catch anomalies.

Regards,
Faiz