Hi everyone, Bryan here. Michael wrote a great post here on SDL-required SQL injection defense techniques in the wake of the recent mass SQL injection attacks against ASP sites. Additionally, the Security Vulnerability Research & Defense blog has just posted an analysis of the attack along with guidance recommendations for IT/database admins, web developers, and end users. Finally, if you are looking for classic ASP-specific (not ASP.NET) guidance, Bala Neerumalla has posted a detailed document on preventing SQL injection in ASP on MSDN.
Good thinking about threat models
We wanted to take a minute to point out this good post from Gunnar Peterson. … Read more »
The Zbot battle: Microsoft turns up the heat
Botnets are networks of compromised computers controlled by cybercriminals. Botnets can send out spam, spread … Read more »
The Importance of Planning for Services Failure in the Cloud
When we’re talking about cloud services, I’m a firm believer in the idea that services … Read more »