manning Just Arrived
Joined: 07 Aug 2006 Posts: 1 Location: Northern Ohio USA
Posted: Tue Jul 22, 2008 9:46 pm Post subject: The recent rash of SQL Injection - anything different?
Hello,
I know a ton has been posted about SQL injection on these forums, but I wonder specifically if there was anything so dramatically different about the recent rash of injections?
The reason I ask is because our website developer is telling me that the site as written a year or so ago was secure against known SQL injection vulnerabilities at the time, but the recent version of attacks was able to slip past earlier efforts to secure the site. Sound reasonable or are they trying to cover their backsides?
Thanks for your opinions in advance
alt.don SF Boss
Joined: 04 Mar 2003 Posts: 16777079
Posted: Wed Jul 23, 2008 1:44 am
I'm not aware of any new advances in SQL injection techniques. It is generally the same old issues of filtering and encoding. Hope this helps.....
es0teric Just Arrived
Joined: 12 Jul 2008 Posts: 0
Posted: Wed Jul 23, 2008 5:50 am
No major recent developments in SQL injection that I'm aware of. If you want a site to check to know what you're up against, try this out...
http://milw0rm.org/
It's usually updated very quickly as new exploits and techniques become available.
manning Just Arrived
Joined: 07 Aug 2006 Posts: 1 Location: Northern Ohio USA
Posted: Wed Jul 23, 2008 4:00 pm
Thank you for the feedback. Kind of what I suspected.
It is funny that one of the articles the web designer suggested I read in an effort to prove his case actually states that a properly coded site would not have been as vulnerable to the recent wave of attacks.
Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
Posted: Wed Jul 23, 2008 6:46 pm
I have sort of come late to this topic, but don't jump on your developers just yet. There was a new attack just recently, and I am totally blanking on the details, or where I found it. The harder I think about it, the less likely I will be able to remember it too.
Let me stew on it for a while. I am pretty sure it had to do with a specific application though, like Invision Power Board.
manning Just Arrived
Joined: 07 Aug 2006 Posts: 1 Location: Northern Ohio USA
Posted: Wed Jul 23, 2008 7:53 pm
Groovicus wrote:
I have sort of come late to this topic, but don't jump on your developers just yet. There was a new attack just recently, and I am totally blanking on the details, or where I found it. The harder I think about it, the less likely I will be able to remember it too.
Let me stew on it for a while. I am pretty sure it had to do with a specific application though, like Invision Power Board.
OK, I'll go easy on them for now.
What I have read so far suggests that the vulnerability exploited by the most recent attacks was the same as earlier SQL injection vulnerabilities, but that the statement was different.
Basically the developer knows that I'm no SQL or ASP wiz, and because of this I want to make sure they aren't trying to slither out of responsibility for any security issues that they may have overlooked.
Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota