
Browse by Tags

All Tags » Tool » Security

SQL Injection Hijinks

or Why I Keep Harping On Blacklisting

Summary: An incident reveals attempts to get around blacklisting by manipulating behavior in ASP, illustrating the weakness of blacklist approaches. A new version of UrlScan is shipping today with a change specifically
Posted by neilcar | 1 Comments

PASSGEN

Occasionally, I see a security incident where one of the things that went wrong was that all of the customer's machines have the same password for the built-in administrator's account.  Whenever this happens, I suggest the PASSGEN tool that was included
Posted by neilcar | 2 Comments

SQLInjectionFinder

My colleague Greg, who has forgotten more about command line scripting than I will ever know, put together a sample on CodePlex that automates finding SQL injection attacks from the ongoing mass SQL injection attack ("SQL Storm", as I saw it
Posted by neilcar | 0 Comments
 