| Publisher | Next Generation Security Software Ltd (NGSS) | | |
|---|---|---|---|
| Format | WORD | Date added | 05 Mar 2001 |
| Topics | Web Servers, Anti-Hacking | | |
| Downloads | 17 | | |

This document describes how to subvert the security of a Microsoft Internet Information Web Server that feeds into a SQL database. The document assumes that the web application uses Active Server Pages technology with Active Data Objects (ADO), though the same techniques can be used with other technologies. The techniques discussed here can be used to disassemble the SQL database's structure, bypass login pages, and retrieve and modify data. This assumes that attackers can run arbitrary SQL queries, which unfortunately is all too common due to a lack of understanding, or even complete ignorance, of this problem and of the corresponding coding techniques in an ASP page.

