Penetration Testing: Re: is JSP&servelet web app SQL Injection Free?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: is JSP&servelet web app SQL Injection Free?

From: Taufiq Ali <taufiq.ali () niiconsulting com>
Date: Tue, 06 Jan 2009 12:57:17 +0530

Hey JarodZZ,

SQL injections are independent of programming languages. SQL injection is basically an art tomanipulate SQL queries & will exist with any web application that if not coded as per secure codingguidelines or at least implement some validation to filter expected characters from the GET or POSTrequest that contribute towards SQL injection.


cheers
Taufiq

-------- Original Message --------
Subject: is JSP&servelet web app SQL Injection Free?
From: salamond <jarodzz () gmail com>
To: pen-test () securityfocus com
Date: 1/5/2009 1:58 PM

Hi, all.

I'm new to pen-testing.

Just finished my tour with a couple of tools:
webscarab
sqlmap
ratproxy

But it shows OK for every page that I've been through.

I went through a couple of SQL Injection tutorial, and most of them
are focusing on
php or asp pages.

So here's my question, it may sound stupid, but
is there no SQL Injection problems in JSP&Java sevelet web app?

thanks

JarodZZ

By Date By Thread

Current thread:

is JSP&servelet web app SQL Injection Free? salamond (Jan 05)
- Re: is JSP&servelet web app SQL Injection Free? Phillip Ames (Jan 05)
- Re: is JSP&servelet web app SQL Injection Free? Taufiq Ali (Jan 05)
- Re: is JSP&servelet web app SQL Injection Free? Frank Fan (Jan 05)
  - Re: is JSP&servelet web app SQL Injection Free? ArcSighter Elite (Jan 06)
- Re: is JSP&servelet web app SQL Injection Free? David Howe (Jan 06)