
Roger's (Chief Security Advisor of Microsoft EMEA) blog has some interesting information about the analysis and possible countermeasures of SQL injection:
(Source: Roger's blog)
Understand the current threat and read "SQL Injection Attacks on IIS Web Servers" on our IIS Blog and "Questions about Web Server Attacks" on the Microsoft Security Response Center Blog. Once you have done that, I think (if you are not already) you should familiarize yourself with these kinds of attacks, and there are some very good resources that engineers at Microsoft compiled for you:
General Guidance on SQL Injection:
- Giving SQL Injection the Respect it Deserves (from Michael Howard)
- SQL Injection Mitigation: Using Parameterized Queries (from Neil Carpenter)
Incident Response with focus on SQL Injection:
- Anatomy of a SQL Injection Incident (from Neil Carpenter)
- Anatomy of a SQL Injection Incident, Part 2: Meat (Neil again)
And last but not least some MSDN guidance:
- Preventing SQL Injections in ASP
- SQL Injection Attack – which is a great piece of work pulling the different views of the latest attacks together


