RE: CGI security vs ASP security

["Kline, Nathan C - CIEP-3" <nckline () bpa gov>]

I think it comes down to where you developer skills are at.  The code is going to be much more secure if the coder is 
more experienced in a particular language and knows the tricks to provide the enhanced security.  ASP is a framework 
with associated objects for use, much like .NET.  It provides some built in objects that help to secure applications.  
.Net increases those available security related objects.  I am unclear as the previous poster with what you mean by 
CGI, but it may or may not provide the same functionality.  The bottom line though is both are dated technologies.  
Java or .NET, being cutting edge complied languages will give you much better performance, scalability, and security 
then CGI or ASP.  

--Nathan


-----Original Message-----
From: Corey Schaffer [mailto:cschaffer () accessdenied ca] 
Sent: Monday, April 14, 2003 12:23 PM
To: Jens Porup; security-basics () securityfocus com
Subject: Re: CGI security vs ASP security

ASP isn't a language...it is a technology....JScript or VBScript is the 
language that runs within an ASP page.



On Mon, 14 Apr 2003 13:55:16 +1000, Jens Porup <jens () cyber com au> wrote:

> On Thu, Apr 10, 2003 at 12:52:19PM -0400, Teodorski, Chris wrote:
> > I am looking for some opinions on whether ASP is inherently more
> > secure than CGI? Or is it just easier to implement ASP
> > securely......and securing CGI takes work and knowledge.......
>
> CGI is a protocol, ASP is a language... ASP is a crap Microsoft product
> I wouldn't use to add one and one.... if by CGI you mean Perl, then yes,
> Perl is a *good thing*
>
>
>
>
>
>
> -------------------------------------------------------------------
> Is SPAM over-loading your e-mail server, disk space or bandwidth?
> SurfControl E-Mail Filter is flexible, intelligent and policy-driven
> protection.
> http://www.securityfocus.com/SurfControl-security-basics2
> Download your free fully functional trial, complete with 30-days of free 
> technical support.
> Stop SPAM before it stops you.
> -------------------------------------------------------------------



-- 
Are you at risk?
www.accessdenied.ca

-------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  www.blackhat.com
-------------------------------------------------------------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------