Re: [fw-wiz] Application-level Attacks

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 01/29/05

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
    To: "Paul D. Robertson" <paul@compuwar.net>
    Date: Sat, 29 Jan 2005 10:47:27 -0500
    
    

    Paul D. Robertson wrote:
    >Hmmm, but an SQL injection attack isn't really a protocol issue- it's an
    >unexpected input issue-

    It's an application-specific flaw in the application accepting the input,
    unless I really misunderstand how SQL injection works.

    If the thing that is broken is an "application" then attacks against
    that break are "application attacks" no?

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

