RE: ASP Security

From: Mark Curphey (mark@curphey.com)
Date: 01/28/02


From: "Mark Curphey" <mark@curphey.com>
To: "Gaziel, Avishay" <agaziel@kpmg.com>, <ishaybas@netvision.net.il>
Date: Sun, 27 Jan 2002 19:18:45 -0800

It's http://www.owasp.org (not .com)

-----Original Message-----
From: Gaziel, Avishay [mailto:agaziel@kpmg.com]
Sent: Sunday, January 27, 2002 8:57 AM
To: 'ishaybas@netvision.net.il'
Cc: 'vuln-dev@securityfocus.com'
Subject: RE: ASP Security

Hi Ishay
Security issues regarding .asp code are only a small part of a security
issue called "Unexpected Input".
Briefly, what you are looking for is articles about "SQL injection",
which is a method of injecting your own SQL statement into a statement built
using the .asp.
You can find a good starting point at:
www.sqlsecurity.com
www.owasp.com

Avishay

-----Original Message-----
From: ishaybas@netvision.net.il [mailto:ishaybas@netvision.net.il]
Sent: Tuesday, January 22, 2002 18:34
To: vuln-dev@securityfocus.com
Subject: ASP Security

Hello,

I am doing vulnerability development on a product which uses some .ASP pages,
and I am looking for some papers regarding security issues of ASP code.

Anyone?

Thanks.

---
Time is short.
I am short.
Therefore I am time.

Ishay Sommer



