Comments on Jeremiah Grossman: 5 great Web security blogs you haven't heard of
Feed last updated 2024-02-08T03:44:23.780-08:00

Anonymous (James, @securatek, http://www.securatek.net), 2011-09-15T06:51:53.080-07:00:

@Andrew

Unfortunately SQL injection is due to a lack of sufficient input validation and sanitization within your web application's code.

Ultimately the fault lies with yourselves/your developers, rather than your webhost, who may/may not be responsible for infrastructure-level issues (for example an out-of-date webserver that contains vulnerabilities).

In terms of preventing SQL injection, the most effective way is to use prepared statements (also known as parameterized queries). Also, don't forget to have frequent penetration tests to find issues before someone else exploits them.

Realise this comment was made some time ago, but hopefully this will be useful to other readers too.

James, @securatek

Jeremiah Grossman (https://www.blogger.com/profile/05017778127841311186), 2009-06-23T07:22:22.077-07:00:

@Andrew, if the code was your own (and not the ASP's), I'd say you unfortunately are left holding the bag with regards to costs and responsibility. That is unless they've taken on some contractual liability, but doubtful. Also the ASP likely could not have done much about such an attack against vulnerable custom code with traditional security technology.

Some ASPs are now offering "security" as a differentiating factor and installing Web Application Firewalls. Check out: http://www.firehost.com/

Hope this helps.

Andrew (Anonymous), 2009-06-22T18:38:47.494-07:00:

Hi Jeremiah

Our radio station website was hacked last week with a possible SQL injection. Every news story had viagra SEO spam placed at the end of every story. It was made invisible on the frontend.

Our site is written in ASP. Our site is hosted by our web developers in their KL datacentre.

Should the web hosting company take responsibility for the attack? Could they have prevented it by tighter hosting security, or does it lie in the site's weakness?

Do I just have to wear the cost of repairs?

I'd appreciate your thoughts.

Andrew

Jeremiah Grossman (https://www.blogger.com/profile/05017778127841311186), 2009-05-19T09:24:00.000-07:00:

@Mauricio, if you ping me via email, I'd be happy to give you my OPML file. Don't know of any other decent way to share it out online.

Raul Diaz, 2009-05-18T09:17:00.000-07:00:

Thanks a lot! It helps me to increase my security knowledge. You're the best.

Mauricio (Anonymous), 2009-05-17T20:15:00.000-07:00:

Thanks!
Is it possible for you to post the other 200 RSS feeds that you read?

I'm subscribed to some feeds but I'm not sure which ones are the best.

thanks!

Mauricio

Russ McRee (https://www.blogger.com/profile/05647342839278416757), 2009-05-14T19:12:00.000-07:00:

Thank you, Jeremiah. Too kind.

Rafal Los (https://www.blogger.com/profile/18106347834259269413), 2009-05-13T22:43:00.000-07:00:

Russ's blog is the only one I already had in my reader... thanks for the heads up on the rest!

As the list gets too long to keep track of I need to whittle it down, and sometimes good ones fall off.

Thanks!

Michael Sutton (https://www.blogger.com/profile/12614648693197428321), 2009-05-13T19:50:00.000-07:00:

Thanks for the plug Jeremiah - much appreciated.

Michael Sutton
VP, Security Research
Zscaler

Pento (https://www.blogger.com/profile/17366441461174687940), 2009-05-13T10:19:00.000-07:00:

Thanks! Just added to RSS reader

Anonymous, 2009-05-13T09:24:00.000-07:00:

Thanks for sharing! Yes, all of them look great - and I guess I should spend a little more time again looking for new information sources.

Raz0r (http://raz0r.name/), 2009-05-13T09:23:00.000-07:00:

I thought The Spanner was a well known blog...