From: Faiz Ahmad Shuja (faiz@honeynet.org.pk)
Date: Sun Jun 12 2005 - 14:55:40 EDT
> Whilst I agree with the notion that bad coding is the main thing to avoid
> as afar as SQL Injections are concerned (or any other vulnerability for
> that matter), there is a question that begs to be answered. For "Service
> Providers" (emphasis supplied), providing secure hosting infrastructure,
> can only be in my opinion on the Layer 2/3 front. On the Application Layer
> (Layers 4-7) it is very hard for a service provider to provide secure
> solutions to code for which we have no "a priori" knowledge.
Well, that's the reason some of the MSPs offer in-depth application
penetration testing to their clients with secure hosting. They regularly
audit their systems and applications for maximum security.
At a certain point, you have to stop relying on automation (i.e. firewalls,
ids, ips, etc) and start using human eyes to catch anomalies.
Regards,
Faiz
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:24 EDT