Re: [fw-wiz] Application-level Attacks
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 01/29/05
- Previous message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
- In reply to: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
- Next in thread: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
- Reply: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
To: "Marcus J. Ranum" <mjr@ranum.com>
Date: Sat, 29 Jan 2005 10:43:00 -0500 (EST)
On Sat, 29 Jan 2005, Marcus J. Ranum wrote:
> Paul D. Robertson wrote:
> >Hmmm, but an SQL injection attack isn't really a protocol issue- it's an
> >unexpected input issue-
>
> It's an application-specific flaw in the application accepting the input,
> unless I really misunderstand how SQL injection works.
>
> If the thing that is broken is an "application" then attacks against
> that break are "application attacks" no?
Yep, sorry- it looked like you lumped it in with "protocol" and it's
really a different kettle of fish in my book...
Maybe it's time to revisit the whole attack taxonomy thing again...
Paul
-----------------------------------------------------------------------------
Paul D. Robertson
paul@compuwar.net
"My statements in this message are personal opinions
which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards