Penetration Testing mailing list archives

Re: is JSP&servelet web app SQL Injection Free?

From: "Frank Fan" <frank () dbappsecurity com>
Date: Tue, 6 Jan 2009 15:39:40 +0800

Of course not!

In fact it has nothing to do with language, but with how app deal with
paras etc, most app has problems we found are JSP and asp.

Best!
Frank

On Mon, Jan 5, 2009 at 4:28 PM, salamond <jarodzz () gmail com> wrote:

Hi, all.

I'm new to pen-testing.

Just finished my tour with a couple of tools:
webscarab
sqlmap
ratproxy

But it shows OK for every page that I've been through.

I went through a couple of SQL Injection tutorial, and most of them
are focusing on
php or asp pages.

So here's my question, it may sound stupid, but
is there no SQL Injection problems in JSP&Java sevelet web app?

thanks

JarodZZ

Current thread:

is JSP&servelet web app SQL Injection Free? salamond (Jan 05)
- Re: is JSP&servelet web app SQL Injection Free? Phillip Ames (Jan 05)
- Re: is JSP&servelet web app SQL Injection Free? Taufiq Ali (Jan 05)
- Re: is JSP&servelet web app SQL Injection Free? Frank Fan (Jan 05)
  - Re: is JSP&servelet web app SQL Injection Free? ArcSighter Elite (Jan 06)
- Re: is JSP&servelet web app SQL Injection Free? David Howe (Jan 06)