WebApp Sec
mailing list archives
Re: aspx applications SQL Injection
From: Adam Shostack <adam () homeport org>
Date: Tue, 12 Oct 2004 20:51:25 -0400
Offer to do another pen test, and only bill if you get through. :)
Adam
On Tue, Oct 12, 2004 at 08:23:16AM +0000, Mohamed Ali wrote:
| Hi all,
|
| I did a full pen-test on my client's web application and I can get almost
| all the data and data dictionary information I need through exploiting SQL
| injection vulnerabilities they have in many dynamic pages.
|
| The question is: when I discussed these issues with the IT people, they
| recommended not solving any of them but just converting to .Net technology.
| I'm not familiar with .Net tech, but this recommendation sounds weird to me.
| IS THERE ANY WAY TO PROVE THAT THEIR RECOMMENDATION IS NOT ENOUGH TO
| PREVENT UNAUTHORIZED ACCESS THROUGH SQL INJECTION? (Their platform: IIS, SQL
| Server and Oracle.)
|
|
| Any suggestions would be appreciated.
|
| Thanks
|
|
|
| Ahmed Rashad
| IT Audit Manager
| Experts.ae