WebApp Sec mailing list archives

Re: ISA Server and SQL Injection

From: Paul Johnston <paul () westpoint ltd uk>
Date: Thu, 24 Feb 2005 16:11:06 +0000

Hi Mark,

Curphey> Building secure software IMHO is not just about getting the code
right. I think any good system should be designed to handle failure. That
goes from structured exception and error handling through to
compartmentalizing and restraining components. The crux of it is that

software IMHO has to protect itself.

Wise words.

Just looking back at your original email, I think you were reallyattacking not application firewalls, but the exaggerated claims manyvendors use. And on that I have to agree with you.


Your name's kind of familiar, have our paths crossed before?

Did you read my paper?http://www.westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf


Regards,

Paul

--
Paul Johnston, GSEC
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk

Current thread:

Re: storing SSNs, CCNs, password in the DB, (continued)
- - - Re: storing SSNs, CCNs, password in the DB Alvin Oga (Mar 01)
    - Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeff Williams (Feb 28)
    - Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeremiah Grossman (Mar 01)
    - Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeff Williams (Mar 01)
    - Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeremiah Grossman (Mar 01)
    - Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeff Williams (Mar 01)
    - Re: ISA Server and SQL Injection Paul Johnston (Feb 23)
    - RE: ISA Server and SQL Injection Mark Curphey (Feb 23)
    - Re: ISA Server and SQL Injection Paul Johnston (Feb 23)
    - RE: ISA Server and SQL Injection Mark Curphey (Feb 23)
    - Re: ISA Server and SQL Injection Paul Johnston (Feb 28)
    - Re: ISA Server and SQL Injection Stephen de Vries (Feb 28)
    - Re: ISA Server and SQL Injection Jan P. Monsch (Mar 01)
    - Re: ISA Server and SQL Injection christopher (Mar 03)
    - Re: ISA Server and SQL Injection Jan P. Monsch (Mar 03)
    - Re: ISA Server and SQL Injection Paul Johnston (Mar 03)
    - Object Caching with IE 6 XP SP2 Don Tuer (Feb 28)
  - Copying files from one server to another. Eric Boughner (Feb 23)
    - Re: Copying files from one server to another. Michael Sztachanski (Feb 23)
    - RE: Copying files from one server to another. dave kleiman (Feb 23)
    - Re: Copying files from one server to another. David (Feb 23)

(Thread continues...)