Here's a neat "cheatsheet" on SQL injection by NTObjectives that outlines some common attack strings, commands and so forth. Their SQL Invader SQL injection tool is worth checking out as well. If you're having trouble selling management on the dangers of SQL injection, check out this piece I wrote about it not long ago:SQL Injection – The Web Flaw That Keeps on GivingTen Ways to Sell Security to Management Happy ...
Continue Reading...SQL injection is arguably the grandest of all security vulnerabilities. It can be exploited anonymously over the Internet to gain full access to sensitive information - and no one will ever know it occurred. Yet time and again it's either: overlooked by people who don't test all of their critical systems from every possible angle overlooked by people who haven't learned how to properly use their Web vulnerability scanners overlooked ...
Continue Reading...Here are some new bits I've written on Web security that you may be interested in. First a bit on SQL injection - the greatest Web flaw of all in my humble opinion:SQL Injection – The Web Flaw That Keeps on GivingAnd a bit on how to use your users to your advantage to minimize Web security risks:Getting users on your side to improve Web security...and finally a piece on ...
Continue Reading...Here are several new links to some recent (and, due to my crazy year, not so recent) articles I've written for various TechTarget sites on the subjects of Web application and server security:Web server weaknesses you don't want to overlook (the "rest of the story" of Web flaws)SQL injection tools for automated testing (a must-have for your toolkit)Beefing up SSL to ensure your applications are locked down (good for some ...
Continue Reading...Some people - including a brilliant colleague of mine - think security is not the job of software developers. In the grand scheme of things I think such an approach is shortsighted and bad for business. It's kind of like an auto assembly line worker not being responsible for the quality of his work or citizens not being responsible for their own healthcare (oh wait!) or why the bottom 50% ...
Continue Reading...