WebApp Sec mailing list archives

Re: SQL Injection Basics


From: "Sverre H. Huseby" <shh () thathost com>
Date: Wed, 12 Feb 2003 00:16:21 +0100

[Alex Russell]


|   [...] Defense in depth is nothing new, but it's kind of
|   entertaining watching people rediscover it over and over again.
|   I'm pretty sure the concepts of defense in depth will be traceable
|   as far back as someone has had something someone else wanted, and
|   someone was able to write it down. = )

[dreamwvr () dreamwvr com]

|   Well said. I recall a discussion sometime pre black monday. Back
|   in the day so to speak :) 3 people come to my mind as coining it
|   for security.  Anyways it has been around since MULTICS days at
|   least.

I've already stated that it was the _term_ "boundary filtering" that
thrilled me, not the concept of defense in depth or any other
_concepts_ for that matter.  I just did a couple of Google searches:

        "boundary filtering"      142 matches
        "input validation"      31000 matches

Of the 142 matches for the term "boundary filtering", some are used in
docs on image processing, while the larger share seem to be used in
relation to network perimeters, often with computer viruses in mind.

The ideas of boundary filtering within applications may be old, but
the _term_ doesn't seem that common, at least not when it comes to how
it is used by the OWASP Filters project.

Alex, where did you get the term from?


Sverre.

-- 
shh () thathost com             Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/        http://nerdquiz.thathost.com/

