Myth or reality? This paper at imperva.com shows how relatively simple techniques can be used to automatically find and attack vulnerable application servers. Looks plausible enough to me.
You’ve been warned: use a serious framework for your next project ;-)
This entry was posted on Wednesday, March 31st, 2004 at 8:00 am and is filed under The Web. You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.
Well, even if Cocoon doesn’t have some of the wide-open holes that some systems have, protecting from SQL injection is not built into the framework and requires careful inspection of direct transmission of request parameters to SQL queries…
Anyway, thanks for the pointers, this is an interesting read!
cat myself | sort | head -2
Bertrand Delacrétaz here - my "résumé" will tell you more.
The opinions expressed here are my own, I'm not representing any group or company on this blog. YMMV.
RT @rombert: Using #ApacheSling with Docker? Note that our updated Docker image is `apache/sling`. The old `apachesling/sling` one is depre… 3 days ago
RT @adobedevs: It’s official 🎉 Adobe I/O Runtime, our serverless platform, has graduated from private beta and is now available to enterpri… 4 days ago
Radiating intent is indeed a great way to move forward without wasting too much time with permissions or forgivenes… twitter.com/i/web/status/1…1 week ago
RT @philgaimon: I promised I’d do more cycling advocacy. You won’t like it but you might feel it.
Please Share This When I'm Killed by So… 1 week ago
RT @kenshirriff: The Apollo Guidance Computer navigated to the moon, but can it mine Bitcoin? I tried it on our working AGC; at 10.3 second… 1 week ago
Well, even if Cocoon doesn’t have some of the wide-open holes that some systems have, protecting from SQL injection is not built into the framework and requires careful inspection of direct transmission of request parameters to SQL queries…
Anyway, thanks for the pointers, this is an interesting read!