RE: SQL injection

From: Faiz Ahmad Shuja (faizhoneynet.org.pk)
Date: Sun Jun 12 2005 - 13:55:40 CDT


> Whilst I agree with the notion that bad coding is the main thing to avoid
> as far as SQL Injections are concerned (or any other vulnerability for
> that matter), there is a question that begs to be answered. For "Service
> Providers" (emphasis supplied), providing secure hosting infrastructure,
> can only be in my opinion on the Layer 2/3 front. On the Application Layer
> (Layers 4-7) it is very hard for a service provider to provide secure
> solutions to code for which we have no "a priori" knowledge.

Well, that's the reason some of the MSPs offer in-depth application
penetration testing to their clients with secure hosting. They regularly
audit their systems and applications for maximum security.

At a certain point, you have to stop relying on automation (i.e. firewalls,
ids, ips, etc) and start using human eyes to catch anomalies.

Regards,
Faiz