Archive for Resources
Author: Dave Lewis
November 8, 2007 at 11:00 am · Filed under Disclosure, Resources
In the course of submitting a security vulnerability to a vendor today, I was referred to the “Organization of Internet Safety” guidelines for reporting (.pdf) security vulnerabilities to vendors.
No worries.
I downloaded it and gave it a read. The part that struck me was that is was released in September 2004. So, I went to check for a possible newer version but, that’s the one. The most recent press release on the site dates from 2004 as well. Has this organization (which, admittedly, I only loosely recall) gone toes up?
Site Link
Tags: Vulnerability Disclosure, Vulnerabilities, Vendor Disclosure, OIS
Author: Dave Lewis
October 6, 2007 at 10:26 am · Filed under Data Security, Resources
Here is another SQL injection sheet that I noticed in my travels through the void of the internet.
From Mavituna.com:
Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of samples are not correct for every single situation. Most of the real world environments may change because of parenthesis, different code bases and unexpected, strange SQL sentences.
Cheat Sheet.
Tags: SQL Injection, SQL Injection Cheat Sheet, Cheat Sheet
Author: Dave Lewis
October 6, 2007 at 9:05 am · Filed under Data Security, Resources
Here is an interesting one. A cheat sheet for Access. I’m not certain how often this is used for anything other than internal company applications. This could be useful for testing end user computing but, in those cases you would often have direct interaction with the .mdb. If you do in fact have direct access to the database then it’s all over. And in the event the database is password protected it is a trivial matter to crack this with a tool such as Cain & Abel.
Cheat Sheet.
Tags: MS Access Cheat Sheet, MS Access Sql Injection, SQL Injection
Explore
Security Bloggers Network
