Christa Carpentiere
extremely precious tagline here
<
August 2008
>
Su
Mo
Tu
We
Th
Fr
Sa
27
28
29
30
31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
1
2
3
4
5
6
Search
Go
Navigation
Blogs
Login
Subscriptions
RSS 2.0
Atom 0.3
Contact
SQL injection in Web apps whitepaper
This one is from SPI Dynamics. It provides an interesting approach; it basically walks you through the various means of launching a successful SQL injection attack, and describes what they'll enable you to do on the server. It then provides some solutions to these issues. I found the Solutions section to a be a bit sparse and a bit of an afterthought, but I think the Attacks section is worth a read to anyone who does serve up data in a Web application. It should help you look at your app from an attacker's point of view, so you can make sure you've really shored up any potential weak points. If you are interested, you can go to
https://download.spidynamics.com/1/ad/sql.asp?cs1_ContSupRef=I-N-msdn8.17.04
and fill out some basic contact info, in return for which they'll email you a link to the whitepaper .pdf file.
posted on Tuesday, October 19, 2004 10:37 AM by
christac