SEARCH RESULTS
 
Showing 1-10 of 37 records
 
Expand article

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...query parameters is vulnerable to reflected XSS. With a vulnerable application, an attacker can craft a malicious URL and send it to the victim via email or any other mode of communication. When the victim visits the tampered link, the page is loaded along with the injected script that is executed in the context of the victim's session The...
 
Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check
 
 
 
 
Expand article

Streaming SQL Approaches Insist in Ignoring Causality by PatternStorm

2008-09-05 14:25:35 by Tim Bass in The Complex Event Processing Blog
 
...query that StreamBase cannot solve (but Oracle can) is the following: correlate the stream that contains the total number of cars on the road for each time interval with the stream that contains the total average speed of the cars on the road for each time interval in order to detect the situation where the avergae speed is below 45 and the...
 
Tags: sql, sql approaches insist, cars stream, stream, average speed event, event, sql languages, languages, cars event
 
 
 
 
Expand article

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...query parameters is vulnerable to reflected XSS. With a vulnerable application, an attacker can craft a malicious URL and send it to the victim via email or any other mode of communication. When the victim visits the tampered link, the page is loaded along with the injected script that is executed in the context of the victim's session The...
 
Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check
 
 
 
 
Expand article

Anti-Debugging Series - Part I

2008-12-02 20:56:25 by Tyler Shields in Zero in a bit
 
...query process and system information to determine the existence or operation of a debugger. From single line calls such as IsDebuggerPresent() and CheckRemoteDebugger() to slightly more complex methods including debugger detaching and CloseHandle() checks. These methods are generally trivial to add to an existing code base and many can even...
 
Tags: process execution breaks, execution, process, methods query process, hardware breakpoint, hardware, process information, target process, methods
 
 
 
 
Expand article

Whats New in the Amazon Cloud?: Security Vulnerability in Amazon EC2 and SimpleDB Fixed (7.5 Months After Notification)

The Article has images
2008-12-18 23:09:54 by Craig Balding in Cloud Security
...Query (aka REST) requests to Amazon SimpleDB, to Amazon Elastic Compute Cloud (EC2), or to Amazon Simple Queue Service (SQS) over HTTP, and there is any way for an attacker to provide you with data which you use to construct your request, switch to HTTPS or start using AWS signature version 2 now. For example, if you allow users to add...
 
Tags: amazon, amazon cloud, simpledb, security, vulnerability, aws signature version, security vulnerability, signature version, amazon devpay
 
 
 
 
Expand article

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...query parameters is vulnerable to reflected XSS. With a vulnerable application, an attacker can craft a malicious URL and send it to the victim via email or any other mode of communication. When the victim visits the tampered link, the page is loaded along with the injected script that is executed in the context of the victim's session The...
 
Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check
 
 
 
 
Expand article

New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle
 
...query of the NVD with "Vendor=Microsoft", "Start Date= January 2007", and "End Date=December 2007" returns 254 matches. A query of NVD without selecting any vendor, and choosing "Start Date= January 2007", and "End Date=December 2007" returns 6532 matches. If my math is correct, that states that Microsoft was responsible for 3.8885 percent of...
 
Tags: sdl team, team, sdl, sdl blog crew, cve, cve vulnerabilities, microsoft, single prediction, microsoft products
 
 
 
 
Expand article

Oklahoma Department of Corrections SQL exposure

The Article has images
2008-04-21 11:23:45 by Evan Francen in The Breach Blog
...query as a parameter Fortunately, he didn't accuse me of hacking their site. In fact, he seemed appreciative and promised to pass the details along to their developers The following day, both the SVOR and Offender Search were taken down "for routine maintenance However, when the sites came back up, I noticed that that the "print-friendly...
 
Tags: social security, oklahoma, sql, residents, oklahoma residents, bad, bad news, department, sql query
 
 
 
 
Expand article

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...query through the application. This vulnerability allows for unauthorized, interactive, logon to a SQL server which may result in the execution of malicious commands leading to the possible modification (or deletion) of Operating System or user data Combining the use of parameterized queries and stored procedures helps to mitigate the risk of...
 
Tags: sql, sql injection bug, sql injection requirements, sql injection attack, sql server, sql execute-only permission, malicious sql payload, sql injection, sql injection vulnerability