Security Holes That Run Deep

Security Holes That Run Deep
Mark Burnett, 2004-12-20

How a seemingly simply Microsoft bug betrayed its author's disdain for a wide range of secure coding principles.

Security Holes That Run Deep 2004-12-20
Anonymous (2 replies)

Security Holes That Run Deep 2004-12-22
michaels (1 replies)

Security Holes That Run Deep 2004-12-23
Anonymous

Security Holes That Run Deep 2004-12-26
Anonymous

Nothing new from MS here... 2004-12-21
Anonymous

The original asp. bug (add a dot to the end of an URL) and you get to see the page's source instead of the asp engine execute the code.

Seems these little parsing errors never go away.

http://home.mcyork.com/iansays/archives/000317.html

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/285/29612#29612

Security Holes That Run Deep 2004-12-21
bazzargh

Failing Open vs. Closed 2004-12-22
Andy S.

Security Holes That Run Deep 2004-12-23
Anonymous

Security Holes That Run Deep 2004-12-29
Anonymous-Philippines (1 replies)

Re: Security Holes That Run Deep 2009-06-10
Anonymous - US