WebApp Sec mailing list archives
RE: Web Application Source Vulnerability Scanners
From: "David Cameron" <dcameron () itis-now com>
Date: Fri, 21 Mar 2003 10:03:29 +1100
For instance I'm currently looking for an ASP (VBS) security code analyzer, just like rats or the.other.one.that.I.cant.remember.name. I haven't found anything, neither a free nor a commercial tool, that analyzes Visual Basic scripts and alerts me about security issues in the code.
If SQL injection is an issue, do a word search for SQL keywords (insert, update and select would be favorites but create might also be useful) through all the ASP pages. I am assuming that to avoid SQL injection you are using prepared statements (eg ADO command object). Also try searching for dynamic SQL in procs. Look for anything that looks like "'<some sql keyword>" (eg 'SELECT). For SQL Server check the syscomments table.

regards

David Cameron
nOw.b2b
dcameron () itis-now com
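The keyword search described in the reply above, as an added example that is not part of the original message. It goes one step beyond a plain word search by separating SQL literals that are concatenated with other values from literals that stand alone; the function names, the tags and the sample inputs are assumptions made for the example.

```python
import re

# Keywords named in the post; "delete" is an addition made for this example.
SQL_KEYWORDS = ("select", "insert", "update", "create", "delete")
KEYWORD = re.compile(r"\b(?:" + "|".join(SQL_KEYWORDS) + r")\b", re.I)
# VBScript string literal; "" inside a literal is an escaped quote.
LITERAL = re.compile(r'"(?:[^"]|"")*"')
# The post's 'SELECT pattern: a quote opening a SQL statement inside a procedure.
DYNAMIC = re.compile(r"'\s*(?:" + "|".join(SQL_KEYWORDS) + r")\b", re.I)

def strip_comment(line):
    """Cut a VBScript ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def scan_asp(source):
    """Return (line_no, tag) for lines whose string literals contain a SQL keyword."""
    findings = []
    for no, raw in enumerate(source.splitlines(), 1):
        line = strip_comment(raw)
        if not any(KEYWORD.search(lit) for lit in LITERAL.findall(line)):
            continue
        # With literals blanked out, a remaining "&" is string concatenation.
        code = LITERAL.sub('""', line)
        findings.append((no, "concatenated" if "&" in code else "literal-only"))
    return findings

def scan_proc(text):
    """Return line numbers in stored-procedure text that open a quoted SQL statement."""
    return [no for no, l in enumerate(text.splitlines(), 1) if DYNAMIC.search(l)]

# Constructed samples, not taken from any real application.
SAMPLE_ASP = '''<%
' select the user record
sql = "SELECT * FROM users WHERE name = '" & Request.Form("name") & "'"
cmd.CommandText = "UPDATE users SET email = ? WHERE id = ?"
Response.Write "Please select an option"
%>'''
SAMPLE_PROC = """CREATE PROCEDURE find_user @name varchar(50) AS
DECLARE @q varchar(200)
SET @q = 'SELECT * FROM users WHERE name = ''' + @name + ''''
EXEC (@q)"""
if __name__ == "__main__":
    print(scan_asp(SAMPLE_ASP), scan_proc(SAMPLE_PROC))
```

Lines tagged "concatenated" are the ones to review first; "literal-only" hits include parameterized statements and ordinary text that happens to contain a keyword. For SQL Server, the text given to `scan_proc` would come from the syscomments table the post mentions.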