Linux Today: Linux News On Internet Time.
Problems with Penetration Testing
Nov 10, 2008, 23:33 UTC (1 Talkback[s]) (1987 reads)

(Other stories by Kenneth van Wyk)

"A perfectly natural human response to this message is to retreat and patch the software to stop that SQL syntax from being injected into the Web application. The developers are likely to write some logic that goes like: if (SQL syntax is present in an input) disallow the input.

"Then, the pen test is repeated, the problem is resolved, and everyone is happy. Right? Wrong.

"The problem with this approach is that it is almost always a negative model, not a positive one. That is, the programmers will naturally be drawn to checking a “blacklist” of banned SQL syntax, and then disallowing the input. This type of negative validation can invariably be broken by a determined adversary."
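The two validation models van Wyk contrasts, as an added example that is not from the article or from Linux Today: a banned-token blacklist (negative model) beside a positive format check for a username, followed by a lookup that binds the value as a query parameter. The in-memory sqlite3 table and its sample rows are constructed for the demonstration.

```python
import re
import sqlite3

# Negative model: reject any input containing a token from a banned list.
# The accepted set is "everything not on the list", so the list can never be
# shown to be complete, and it also rejects harmless input that happens to
# contain a listed word (e.g. a surname with an apostrophe, or "bob_select").
BANNED_TOKENS = ("select", "union", "insert", "drop", "--", ";", "'")

def blacklist_ok(value: str) -> bool:
    lowered = value.lower()
    return not any(token in lowered for token in BANNED_TOKENS)

# Positive model: state exactly what a valid value looks like and accept only
# that.  Here a username is 3-32 characters from a fixed alphabet; the
# accepted set is closed and can be reviewed.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")

def whitelist_ok(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None

def lookup_user(conn: sqlite3.Connection, username: str):
    """Validate positively, then query with a bound parameter so the value is
    treated as data, never as SQL text, whatever characters it contains."""
    if not whitelist_ok(username):
        return None
    cur = conn.execute("SELECT id, username FROM users WHERE username = ?",
                       (username,))
    return cur.fetchone()

def demo():
    """Run both checks over constructed sample input; returns a dict of results."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob_select",), ("o.brien",)])
    results = {}
    for name in ("alice", "bob_select", "o.brien", "bob;--", "x"):
        results[name] = {
            "blacklist": blacklist_ok(name),   # negative model verdict
            "whitelist": whitelist_ok(name),   # positive model verdict
            "row": lookup_user(conn, name),    # None unless positively valid
        }
    conn.close()
    return results
```

The "bob_select" row is the instructive case: the blacklist rejects a legitimate username because it contains a listed word, while the positive check accepts it and the parameterized lookup finds it safely.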



Talkback(s):
A competent application developer (or c ... (Subject: Wrong solution.)
Rainer Weikusat, Nov 11, 2008, 13:59:38
All times are recorded in UTC.