Your Web application connects to a database. You supply the user name and password, establish the connection, and run your query. A very simple, easy to use, and essential component of web applications.
How do we know our code is bug free? What makes us believe that our application is always going to work?
This is a very scary thing. I wrote a blog post last year about this type of thing in response to Rich’s post on lax wireless security. I was trying to think up scenarios where this would be a problem, and the best example I thought of is what I am going to call the “Pink Slip Virus 2008”.
Mozilla is trying to set a world download record. Then add in NoScript, and enjoy some (more) secure browsing.
(I think it starts at 10 PT).
It’s a good thing Adrian joined when he did, because I’m slammed with speaking events this week and he gets to mind the blog.
I’m not sure if it’s the innate human desire to recognize patterns even when they don’t exist, or if the stars really do align on occasion, but sometimes a series of random events hit at just the right time to inspire a little thought.
In a previous post I have noted that ultimately SQL Injection is a database attack through a web application proxy, and that the Database and the associated Database Administrators need to play a larger part in the defense of data and applications. I recommended a couple of steps to assist in combating attacks through the use of stored procedures to help in input parameter validation. I also want to make additional recommendations in the areas of separation of duties and compartmentalization of…
Earlier today I had a bit of a shock when our fearless editor Chris Pepper congratulated me on our 500th post. I started this blog just under two years ago to test the waters of this whole new media thing. Much to my surprise, almost exactly a year after that I took the plunge, quit a heck of a good job, and turned Securosis into a company, not just a place for my random rants. Over that time Chris joined me as editor, and David Mortman as an occasional contributor.
Believe it or not, I’m going to work with Rich Mogull at Securosis. Worse yet, I’m excited about it!
On the outside looking in, Rich and I have dissimilar backgrounds. I have been working in product development and IT over the last ten years, and Rich has been an analyst and market strategist. But during the four years I have known Rich, we have shown an uncanny similarity in our views on data security across the board. We are both tech guys at the core, and have independently arrived at the…
I spend a reasonable amount of time writing security articles for the consumer audience over at TidBITS, never mind this site. When I talk about browser security, one of my top tips is to avoid risky behavior and “those” sites. Although that’s pretty standard advice, it’s become a load of bollocks, and I can no longer give it in good conscience.