Bugtraq mailing list archives
New SQL Injection Whitepaper
From: "Chris Anley" <chris () ngssoftware com>
Date: Thu, 31 Jan 2002 15:37:42 -0000
Hi folks, I've just completed a Microsoft SQL Server 'injection' whitepaper, that can be downloaded from http://www.ngssoftware.com/papers/advanced_sql_injection.pdf At least half of the sites I've audited have been vulnerable to some form of SQL injection; I think it's important that people fully understand the issues. The paper contains information on a variety of attacks, including second-order SQL injection, automation scripts and audit evasion. It also discusses input validation and (briefly) secure builds. The intention is to raise awareness of the rich variety of SQL injection attacks, in order to encourage people to fix these issues in their applications. Cheers, -chris.
Current thread:
- New SQL Injection Whitepaper Chris Anley (Jan 31)