WebApp Sec: Patching IIS (was - RE: ASP security in HTML pages)

From: Wolf, Yonah <Yonah.Wolf_at_ujc.org>
Date: Mon, 28 Jun 2004 14:25:41 -0400

All,

It seems that a lot of these responses are pointing out age-old flaws in ASP - stuff that was around 3-4 years ago. If someone were to properly configure and/or patch their server (say, by running the IIS lockdown tool) they would not be exposed to these vulnerabilities. In light of that I just wanted to point out several things:

        - It's not the holes you close, but the ones you need to keep open that you need to worry about (hence the need for web app security)

        - I understand if someone gets taken by a new flaw when it first comes out, but it is a sorry state of affairs when ASP flaws from 3 years ago are still being exploited - I just can't understand why well-known security patches aren't being applied!?!?

        - Steps to protect your source code, especially if that code is contained in scripts, are like the false security of a life preserver in shark-infested waters - it will help you, but to a point.
Received on Jun 28 2004
