From: David Howe (DaveHowe.Pentest googlemail.com)
Date: Mon Sep 01 2008 - 06:43:27 CDT
Serg B wrote:
> I was under the impression that an SQL injection is a flaw based on
> individual's programming ability and not the language itself.
>
> To me, what you are saying sounds like: a car model X is crap because
> the driver crashed it into a tree.
... by setting "autocruise" and letting go of the wheel to answer his phone.

ASP.net is no more or less secure than almost any other server-side
executable; almost invariably though, someone comes along trying to tout
their (usually platform specific or proprietary) language du jour as the
most secure ever because.... when in fact it could possibly offer some
security advantages over another language (fewer buffer overflows in
standard library functions, for example) but you can still write
insecure code in it more easily than secure code.

That said, a language that is inherently secure *is* possible, but
nobody would ever use it as the limitations would be too great (no file
system access under any circumstances, no IP connectivity other than via
the query/response channel in the webserver, and so forth).