Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

Re: ISA Server and SQL Injection
From: Paul Johnston <paul () westpoint ltd uk>
Date: Thu, 24 Feb 2005 16:11:06 +0000
Hi Mark,


Curphey> Building secure software IMHO is not just about getting the code
right. I think any good system should be designed to handle failure. That
goes from structured exception and error handling through to
compartmentalizing and restraining components. The crux of it is that
software IMHO has to protect itself. 
Wise words.
Just looking back at your original email, I think you were really attacking not application firewalls, but the exaggerated claims many vendors use. And on that I have to agree with you. 

Your name's kind of familiar, have our paths crossed before?
Did you read my paper? http://www.westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf 

Regards,

Paul

--
Paul Johnston, GSEC
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]