TechNet Blogs

Browse by Tags

All Tags » SQL » ASP

SQL Injection Hijinks

or Why I Keep Harping On Blacklisting
Summary: An incident reveals attempts to get around blacklisting by manipulating behavior in ASP, illustrating the weakness of blacklist approaches. A new version of UrlScan is shipping today with a change specifically
Posted by neilcar | 1 Comment

SQL Injection: Trends & Guidance

I've been working with the SWI team to write a comprehensive overview of the SQL Storm attacks with guidance for IT administrators, developers, and end users. That article is posted at sql-injection-attack.aspx. For developers, specifically, Bala
Posted by neilcar | 0 Comments

SQL Injection Mitigation: Using Parameterized Queries part 2 (types and recordsets)

(Part 1 is here) Previously, I provided a simple example of using parameterized queries in classic ASP; however, that sample lacked a few things such as explicit typing for the parameters. It also created a read-only ADODB.RecordSet which, obviously,
Posted by neilcar | 10 Comments

SQL Injection Mitigation: Using Parameterized Queries

Michael Howard wrote an excellent article yesterday on how the SDL addresses SQL injection. He walks through three coding requirements/defenses: Use SQL Parameterized Queries; Use Stored Procedures; Use SQL Execute-only Permissions. As Michael points out,
Posted by neilcar | 15 Comments
 