Firewall Wizards mailing list archives
Re: Application-level Attacks
From: "Paul D. Robertson" <paul () compuwar net>
Date: Sat, 29 Jan 2005 10:43:00 -0500 (EST)
On Sat, 29 Jan 2005, Marcus J. Ranum wrote:
Paul D. Robertson wrote:Hmmm, but an SQL injection attack isn't really a protocol issue- it's an unexpected input issue-It's an application-specific flaw in the application accepting the input, unless I really misunderstand how SQL injection works. If the thing that is broken is an "application" then attacks against that break are "application attacks" no?
yep, sorry- it looked like you lumped it in with "protocol" and it's really a different kettle of fish in my book... Maybe it's time to revisit the whole attack taxonomy thing again... Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Application-level Attacks vbwilliams (Jan 28)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Adam Shostack (Jan 30)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks M. Dodge Mumford (Jan 30)
- Re: Application-level Attacks Marcus J. Ranum (Jan 30)
- Re: Application-level Attacks Crispin Cowan (Jan 30)
- Re: Application-level Attacks Stephen P. Berry (Jan 30)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Devdas Bhagat (Jan 30)