Dailydave: Re: From blackbox to grey-box during Web App tests

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Dailydave mailing list archives

Re: From blackbox to grey-box during Web App tests

From: "Thomas Ptacek" <tqbf () matasano com>
Date: Sun, 14 Oct 2007 08:56:18 -0500

        Why don't more people just use Parameterized Stored Proceedures?  Is it
because there are implimentation issues or because people don't know
about them? Whats your opinion?


I wonder that too. Also, why don't people just not write integer overflows?

With the snark bit cleared, I'll point out: lots of projects use
stored procedures, but have some patches of functionality (like query
builders) that are easiest to write with raw SQL.

-- 
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

By Date By Thread

Current thread:

Re: From blackbox to grey-box during Web App tests, (continued)
- Re: From blackbox to grey-box during Web App tests Thomas Ptacek (Oct 10)
  - Re: From blackbox to grey-box during Web App tests Andre Gironda (Oct 11)
    - Re: From blackbox to grey-box during Web App tests J.M. Seitz (Oct 12)
    - Re: From blackbox to grey-box during Web App tests Matt Hargett (Nov 07)
- Re: From blackbox to grey-box during Web App tests Adriel Desautels (Oct 13)
  - Re: From blackbox to grey-box during Web App tests Thomas Ptacek (Oct 14)
    - Re: From blackbox to grey-box during Web App tests C Q (Oct 14)
    - Re: From blackbox to grey-box during Web App tests J.M. Seitz (Oct 15)
    - Re: From blackbox to grey-box during Web App tests C Q (Oct 14)