[thelist] Fwd: New SQL Injection Whitepaper

Anthony Baratta Anthony at Baratta.com
Thu Jan 31 16:56:02 CST 2002


>From: "Chris Anley" <chris at ngssoftware.com>
>To: <bugtraq at securityfocus.com>
>Subject: New SQL Injection Whitepaper
>Date: Thu, 31 Jan 2002 15:37:42 -0000
>
>Hi folks,
>
>I've just completed a Microsoft SQL Server 'injection' whitepaper, that can
>be downloaded from
>
>http://www.ngssoftware.com/papers/advanced_sql_injection.pdf
>
>At least half of the sites I've audited have been vulnerable to some form of
>SQL injection; I think it's important that people fully understand the
>issues.
>
>The paper contains information on a variety of attacks, including
>second-order SQL injection, automation scripts and audit evasion. It also
>discusses input validation and (briefly) secure builds. The intention is to
>raise awareness of the rich variety of SQL injection attacks, in order to
>encourage people to fix these issues in their applications.
>
>Cheers,
>
>      -chris.



