RE: ASP Security

["Mark Curphey" <mark () curphey com>]

Its http://www.owasp.org (not .com)

-----Original Message-----
From: Gaziel, Avishay [mailto:agaziel () kpmg com]
Sent: Sunday, January 27, 2002 8:57 AM
To: 'ishaybas () netvision net il'
Cc: 'vuln-dev () securityfocus com'
Subject: RE: ASP Security


Hi Ishay
Security issues regarding .asp codes is only a small part of a security
issue called
"Unexpected Input".
Briefly, what you are looking for is articles about "sql injection"
which is a method of injecting your own sql statement to a statement built
using
the .asp
you can find a good starting point @:
www.sqlsecurity.com
www.owasp.com

Avishay


-----Original Message-----
From: ishaybas () netvision net il [mailto:ishaybas () netvision net il]
Sent: ‏ג 22 ינואר 2002 18:34‏
To: vuln-dev () securityfocus com
Subject: ASP Security




Hello,

I am doing a vulnerability development on a product which uses some .ASP
pages,
and I am looking for some papers regarding security issues of ASP code.

Anyone?

Thanks.




---
Time is short.
I am short.
Therefore I am time.


Ishay Sommer

****************************************************************************
*
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
****************************************************************************
*