Pantek Library

RE: Web Application Source Vulnerability Scanners

From: David Cameron <dcameron(at)itis-now.com>
Date: Thu Mar 20 2003 - 18:03:29 EST


> For instance I'm currently looking for an ASP(vbs) security

If SQL injection is an issue, do a word search for SQL keywords (insert, update and select would be favorites but create might also be useful) through all the ASP pages. I am assuming that to avoid SQL injection you are using prepared statements (e.g. ADO command object). Also try searching for dynamic SQL in procs. Look for anything that looks like "'<some sql keyword>" (e.g. 'SELECT). For SQL Server check the syscomments table.

regards
David Cameron
nOw.b2b
dcameron@itis-now.com

Received on Thu Mar 20 18:55:26 2003
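
The word search described in the message above, as an added Python example that is not part of the original post. It separates ASP lines that concatenate a SQL string from ones that keep it static, and flags stored-procedure lines matching the 'SELECT pattern; the sample ASP page, the sample procedure and the function names are constructed for illustration, and procedure text is assumed to have been exported to a string beforehand.

```python
import re

# SQL keywords the post suggests searching for.
KEYWORDS = r"(?:insert|update|select|create)"
# ASP/VBScript: a double-quoted string literal containing a keyword.
ASP_SQL_LITERAL = re.compile(r'"[^"\n]*\b' + KEYWORDS + r'\b[^"\n]*"', re.I)
# VBScript concatenation next to a string literal: `" & x` or `x & "`.
ASP_CONCAT = re.compile(r'"\s*&|&\s*"')
# T-SQL: a single-quoted string that starts with a keyword, e.g. 'SELECT
PROC_DYNAMIC = re.compile(r"'\s*" + KEYWORDS + r"\b", re.I)

# Constructed sample ASP page (not from the original post).
SAMPLE_ASP = '''<%
' select the user row
sql = "SELECT * FROM users WHERE name = '" & Request("name") & "'"
Set rs = conn.Execute(sql)
cmd.CommandText = "UPDATE users SET email = ? WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("email", 200, 1, 255, email)
%>'''

# Constructed sample stored procedure text (not from the original post).
SAMPLE_PROC = """CREATE PROCEDURE find_user @name varchar(50) AS
DECLARE @q varchar(500)
SET @q = 'SELECT * FROM users WHERE name = ''' + @name + ''''
EXEC (@q)"""


def scan_asp(source):
    """Return (line_no, verdict, text) for each ASP line holding SQL text."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith("'") or not ASP_SQL_LITERAL.search(code):
            continue  # VBScript comment line, or no SQL keyword in a string
        verdict = "concatenated" if ASP_CONCAT.search(code) else "static"
        findings.append((no, verdict, code))
    return findings


def scan_proc(source):
    """Return (line_no, text) for procedure lines matching the 'SELECT pattern."""
    return [(no, line.strip())
            for no, line in enumerate(source.splitlines(), 1)
            if PROC_DYNAMIC.search(line)]


if __name__ == "__main__":
    print(scan_asp(SAMPLE_ASP))
    print(scan_proc(SAMPLE_PROC))
```

Lines reported as "concatenated" are the ones to review first; "static" hits are SQL text with no concatenation on that line, which is what a parameterised command looks like.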

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT

