Re: [SC-L] [WEB SECURITY] Re: Backdoors in custom software applications

2010-12-23 Thread Chris Schmidt
Jeff Williams did a talk about this at Blackhat last year as well for Java Rootkits. Paper here: http://www.blackhat.com/presentations/bh-usa-09/WILLIAMS/BHUSA09-Williams-EnterpriseJavaRootkits-PAPER.pdf On 12/17/10 8:56 AM, Chris Wysopal cwyso...@veracode.com wrote: Here is a paper that

Re: [SC-L] [WEB SECURITY] Backdoors in custom software applications

2010-12-23 Thread Arian J. Evans
Sebastian - Looks like you got great replies! Lots of different theories and ideas here. On a day to day basis - here are the most common backdoors in webapps I've encountered over the last 15 years or so: 1) Developer Tools Backdoor hidden under obscure path 2) COTS module improperly deployed

[SC-L] Q: SQL Query Sanitizer Library?

2010-12-23 Thread Jeffrey Walton
Hi All, Is anyone aware of an open source library for sanitizing SQL queries from untrusted sources? Jeff ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List

Re: [SC-L] [WEB SECURITY] Backdoors in custom software applications

2010-12-23 Thread Steven M. Christey
On Mon, 20 Dec 2010, Arian J. Evans wrote: On a day to day basis - here are the most common backdoors in webapps I've encountered over the last 15 years or so: 1) Developer Tools Backdoor hidden under obscure path 2) COTS module improperly deployed results in backdoor 3) Custom admin module,