That is a good one, wish I had time to learn the Paros Proxy and Burp Suite of web application pen testing tools, that'd be fun to start throwing that application so much unvalidated input that it'd be trivial to mine the data out of the backend databases. I am sure that app probably has XSS and CSRF on top of SQL injection vulnerabilities they probably don't know about. They might wanna put Urlscan 3.1 on their IIS instance or configure their Apache instance accordingly to protect against that developer BS.
Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [email protected]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-----Original Message-----
From: Jake Gardner [mailto:[email protected]]
Sent: Thursday, January 29, 2009 3:31 PM
To: Active Directory Admin Issues
Subject: RE: Tips 'n' Tricks

A buddy of mine recently worked on the Gift locator software for tru.com and got into it with a QA guy because the QA guy was throwing up red flags and holding up the project due to software breaking when he manually edited and changed the URL in the browser's address bar. Grrr....

Thanks,
Jake Gardner
TTC Network Administrator
Ext. 246

-----Original Message-----
From: Ziots, Edward [mailto:[email protected]]
Sent: Thursday, January 29, 2009 3:26 PM
To: Active Directory Admin Issues
Subject: RE: Tips 'n' Tricks

I love showing how bad their software doesn't work with Process Explorer from sysinternals.com. Then tell them, no they can't have admin rights and get on it and fix it, before I too, with Jake, throw the book and a few other things at them,

Z

-----Original Message-----
From: Jake Gardner [mailto:[email protected]]
Sent: Thursday, January 29, 2009 3:24 PM
To: Active Directory Admin Issues
Subject: RE: Tips 'n' Tricks

Mastering Windows Server 2003 (Mark Minasi) <--- I always threaten to throw mine at the developers that blame my servers when their software doesn't work.

Thanks,
Jake Gardner

-----Original Message-----
From: Ziots, Edward [mailto:[email protected]]
Sent: Thursday, January 29, 2009 3:16 PM
To: Active Directory Admin Issues
Subject: RE: Tips 'n' Tricks

Mastering Windows Server 2003 Upgrade Edition for SP1 and R2 (Mark Minasi)
Mastering Windows Server 2003 (Mark Minasi)
www.minasi.com

Z

-----Original Message-----
From: John Aldrich [mailto:[email protected]]
Sent: Thursday, January 29, 2009 3:11 PM
To: Active Directory Admin Issues
Subject: RE: Tips 'n' Tricks

Ed, could you recommend some specific titles? Also, I'm not very good at that "self-paced" thing... It's just not my "thing." I may end up having to try and find financing for some classes. Do you know of any classes, say at the folks who specialize in teaching for your certificates that would be good?
