Here's something specific to CFML which you may find useful:
http://foundeo.com/security/
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions
Andrew Tegenkamp wrote:
> With the recent SQL Injection talk, I
> Does anyone have any good methods for testing or monitoring SQL
> Injection they are willing to share?
>
> Thanks!
Here's a good resource we use to test attacks:
http://ha.ckers.org/xss.html
Will
I monitor my home page every 15 minutes for change. You can use any
of the free tools, or set up a cf scheduled task to do it.
I add a url parameter that tells the home page to dump all of the
data in the users table for my own entry. (My name, address, phone, etc).
IF that page changes, I ge
On the topic, I guess to be fair I could mention that there are web
application firewalls out there that filter for attacks such as these.
They are probably going to be able to filter a high amount of traffic
faster than CF can, and if you pay $$ the vendor keeps up with all the
latest attack def
> With the recent SQL Injection talk, I was looking for ways to
> set up monitoring and testing procedures to test for and monitor
> SQL Injection.
One of the prevention tools that I made available a while back will find
many SQL injection attempts and can stop them and notify you. It's not
perfe
On Mon, Jan 18, 2010 at 12:44 PM, wrote:
> As far as specific testing tools, I think good practice and code reviews
> are one of the best things here. You should be able to look at a query
> and spot any dynamic parts that are out of a cfqueryparam or not
> sanitized in some other way. The key
One of the best ways to test your site is to post the URL here and claim
it can't be hacked. Usually people will "help you out". :)
As far as specific testing tools, I think good practice and code reviews
are one of the best things here. You should be able to look at a query
and spot any dynam