Penetration Testing mailing list archives
Re: is JSP&servelet web app SQL Injection Free?
From: David Howe <DaveHowe.Pentest () googlemail com>
Date: Tue, 06 Jan 2009 17:30:47 +0000
salamond wrote:
> Hi, all. I'm new to pen-testing. Just finished my tour with a couple of tools:
> webscarab
> sqlmap
> ratproxy
> But it shows OK for every page that I've been through.
> I went through a couple of SQL Injection tutorials, and most of them are focusing on php or asp pages.
> So here's my question, it may sound stupid, but are there no SQL Injection problems in JSP&Java servlet web apps?
Sure. However, there are no practical differences between not sanitizing input on php/asp and not sanitizing input on jsp/perl/ruby/whatever; most of the differences are to do with the backend SQL engine, not the active content language.