Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: SQL injection
From: Faiz Ahmad Shuja (faizhoneynet.org.pk)
Date: Sun Jun 12 2005 - 13:55:40 CDT
> Whilst I agree with the notion that bad coding is the main thing to avoid
> as afar as SQL Injections are concerned (or any other vulnerability for
> that matter), there is a question that begs to be answered. For "Service
> Providers" (emphasis supplied), providing secure hosting infrastructure,
> can only be in my opinion on the Layer 2/3 front. On the Application Layer
> (Layers 4-7) it is very hard for a service provider to provide secure
> solutions to code for which we have no "a priori" knowledge.
Well, that's the reason some of the MSPs offer in-depth application
penetration testing to their clients with secure hosting. They regularly
audit their systems and applications for maximum security.
At a certain point, you have to stop relying on automation (i.e. firewalls,
ids, ips, etc) and start using human eyes to catch anomalies.