June 13th, 2007, 10:55 AM
#6
Testing for SQL injection and some source code auditing should be done on the application. But don't forget to check the permissions on the tables and databases as d34dI0k1 noted.
Big warning as this is one of the biggest issues with third party apps:
DO NOT ALLOW THE APPLICATION TO USE THE (MS-SQL) SA ACCOUNT!
There are basically 3 different things you need to audit:
1) The server/OS itself, needs to be hardened, basic rule: if you don't need/use something, disable or preferably remove it.
2) The application, source code audit (SQL injection, fuzzing, buffer overflows etc.)
3) The database, accounts/permissions on tables/databases (LPR; Least Privilege Required).
Last edited by SirDice; June 13th, 2007 at 10:58 AM.
Oliver's Law:
Experience is something you don't get until just after you need it.
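An added example, not part of the original post: a T-SQL check for point 3 and the SA warning above, run by a DBA in the application's database. The login name `app_login` is a hypothetical placeholder; it assumes SQL Server 2005 or later catalog views.

```sql
-- Added example: least-privilege audit for the login a third-party app uses.
-- 'app_login' is a hypothetical name; substitute the application's real login.
DECLARE @app_login sysname;
SET @app_login = N'app_login';

-- 1) Who holds sysadmin? The application's login should not appear here.
SELECT m.name AS member_login, m.type_desc, m.is_disabled
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 2) State of the built-in SA account (SID 0x01 even if it was renamed).
SELECT name, is_disabled
FROM sys.server_principals
WHERE sid = 0x01;

-- 3) Database roles the application's user belongs to in the current database.
--    db_owner or db_ddladmin here is broader than most applications need.
SELECT r.name AS database_role
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = drm.member_principal_id
WHERE u.sid = SUSER_SID(@app_login)
ORDER BY r.name;

-- 4) Permissions granted or denied directly to that user, per object.
SELECT p.state_desc,
       p.permission_name,
       p.class_desc,
       CASE WHEN p.class = 1 THEN OBJECT_NAME(p.major_id) END AS object_name
FROM sys.database_permissions AS p
JOIN sys.database_principals AS u ON u.principal_id = p.grantee_principal_id
WHERE u.sid = SUSER_SID(@app_login)
ORDER BY p.class_desc, object_name, p.permission_name;
```

Queries 3 and 4 only cover the database they are run in, so repeat them in each database the application touches.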