From: Steve Friedl (steve@unixwiz.net)
Date: Sun Jan 02 2005 - 13:45:02 EST
Hello listmates,
I've written what I think is a decent introduction to the topic, mainly
intended to "make real" the danger to a web developer who has heard of
the subject but not actually really dug in. I talk about a test where
I had to penetrate a web application, and it wasn't "just one step" -
the steps before compromise were mostly interesting too.
Unixwiz.net Tech Tip: SQL Injection Attacks by Example
http://www.unixwiz.net/techtips/sql-injection.html
Nothing here is new or groundbreaking, but I gave an onsite presentation
of this to the customer involved, and it seemed to be a fairly vivid
experience watching their application completely compromised right before
their eyes.
Happy New Year!
Steve
---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve@unixwiz.net
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:11 EDT