Firewall Wizards mailing list archives

Re: Application-level Attacks


From: "Paul D. Robertson" <paul () compuwar net>
Date: Sat, 29 Jan 2005 10:43:00 -0500 (EST)

On Sat, 29 Jan 2005, Marcus J. Ranum wrote:

> Paul D. Robertson wrote:
> > Hmmm, but an SQL injection attack isn't really a protocol issue- it's an
> > unexpected input issue-
>
> It's an application-specific flaw in the application accepting the input,
> unless I really misunderstand how SQL injection works.
>
> If the thing that is broken is an "application" then attacks against
> that break are "application attacks" no?

yep, sorry- it looked like you lumped it in with "protocol" and it's
really a different kettle of fish in my book...

Maybe it's time to revisit the whole attack taxonomy thing again...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."