I monitor my home page every 15 minutes for change. You can use any
of the free tools, or set up a CF scheduled task to do it.
I add a URL parameter that tells the home page to dump all of the
data in the users table for my own entry (my name, address, phone, etc.).
If that page changes, I
Does anyone have any good methods for testing or monitoring SQL
Injection they are willing to share?
Thanks!
Here's a good resource we use to test attacks:
http://ha.ckers.org/xss.html
Will
Here's something specific to CFML which you may find useful:
http://foundeo.com/security/
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions
Andrew Tegenkamp wrote:
With the recent SQL Injection talk, I was looking for ways to set up monitoring
and testing procedures to test for and monitor SQL Injection. Monitor downtime
and all that is covered, but I don't have anything too useful for testing SQL
Injection on new code and monitoring for SQL Injection on
dynamic parts that are out of a cfqueryparam or not
sanitized in some other way. The key really is separating parameters
from executable code.
~Brad
Original Message
Subject: Injection Testing/Monitoring
From: Andrew Tegenkamp andrew...@gmail.com
Date: Mon, January 18, 2010 11:17 am
On Mon, Jan 18, 2010 at 12:44 PM, b...@bradwood.com wrote:
As far as specific testing tools, I think good practice and code reviews
are one of the best things here. You should be able to look at a query
and spot any dynamic parts that are out of a cfqueryparam or not
sanitized in some other
With the recent SQL Injection talk, I was looking for ways to
set up monitoring and testing procedures to test for and monitor
SQL Injection.
One of the prevention tools that I made available a while back will find
many SQL injection attempts and can stop them and notify you. It's not
perfect
On the topic, I guess to be fair I could mention that there are web
application firewalls out there that filter for attacks such as these.
They are probably going to be able to filter a high amount of traffic
faster than CF can, and if you pay $$ the vendor keeps up with all the
latest attack