I've written what I think is a decent introduction to the topic, mainly
intended to "make real" the danger to a web developer who has heard of
the subject but not actually really dug in. I talk about a test where
I had to penetrate a web application, and it wasn't "just one step" -
the steps before compromise were mostly interesting too.
Unixwiz.net Tech Tip: SQL Injection Attacks by Example
http://www.unixwiz.net/techtips/sql-injection.html
Nothing here is new or groundbreaking, but I gave an onsite presentation
of this to the customer involved, and it seemed to be a fairly vivid
experience watching their application completely compromised right before
their eyes.
Happy New Year!
Steve
---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve (at) unixwiz (dot) net [email concealed]
I've written what I think is a decent introduction to the topic, mainly
intended to "make real" the danger to a web developer who has heard of
the subject but not actually really dug in. I talk about a test where
I had to penetrate a web application, and it wasn't "just one step" -
the steps before compromise were mostly interesting too.
Unixwiz.net Tech Tip: SQL Injection Attacks by Example
http://www.unixwiz.net/techtips/sql-injection.html
Nothing here is new or groundbreaking, but I gave an onsite presentation
of this to the customer involved, and it seemed to be a fairly vivid
experience watching their application completely compromised right before
their eyes.
Happy New Year!
Steve
---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve (at) unixwiz (dot) net [email concealed]
[ reply ]