What text was being used for the attack, when the attack occured, where did the attack come from, was the attack successful, is there another way they could exploit that part of the application, how localized or widespread is the attack, and what is the potential risk of all the above in the terms of revenue, developer time, private data, and public confidence.
Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Fri, Nov 20, 2009 at 9:56 AM, Rudi Shumpert <shump...@gmail.com> wrote: > Doing most of that. > > Except for the analysis later part. Anything specific you look for in > doing the analysis? > > > On Fri, Nov 20, 2009 at 9:50 AM, Teddy R. Payne <teddyrpa...@gmail.com>wrote: > >> You start off by trapping the error. Prevent the transaction. Record the >> error somewhere more persistent for review and analysis later. Display an >> error to the user that matches your site with a meaningful message. >> >> Creating error trapping that can specifically identify these types of >> attempts could also reduce your noise to sound ratio as well. >> >> >> Teddy R. Payne, ACCFD >> Google Talk - teddyrpa...@gmail.com >> >> >> >> >> On Fri, Nov 20, 2009 at 9:44 AM, Rudi Shumpert <shump...@gmail.com>wrote: >> >>> the stuff I'm seeing is nothing really new, just was wondering if there >>> are some best practices on what do to after to stop the attempt. >>> >>> -Rudi >>> >>> On Fri, Nov 20, 2009 at 9:27 AM, Mischa Uppelschoten < >>> mischa.uppelscho...@bankersx.com> wrote: >>> >>>> I probably missed something, but this article is almost a year and a >>>> half old... what specifically is attempted now? >>>> >>>> : Hey folks, >>>> >>>> : I saw Johns tweet earlier this week about a new wave of SQL Injection >>>> ( and >>>> >>>> : link to a great article on it >>>> : >>>> http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-again >>>> : st-sql-injection-and-xss), and sure enough Im seeing ahuge upswing in >>>> : attempts. Over 100 failed attempts last night alone. >>>> >>>> : >>>> : We have taken the steps to prevent damage / harm, but I was wondering >>>> what >>>> : folks are doing after they stop the attempt. What kind of message >>>> if any do >>>> : you provide ? Are people checking the logs, and blocking IPs of the >>>> worst >>>> : offenders? Or something else? >>>> : >>>> : -Rudi >>>> >>>> >>>> >>>> >>>> Mischa Uppelschoten >>>> VP of Technology >>>> The Banker's Exchange, LLC. >>>> 4200 Highlands Parkway SE >>>> Suite A >>>> Smyrna, GA 30082-5198 >>>> >>>> Phone: (404) 605-0100 ext. 10 >>>> Fax: (404) 355-7930 >>>> Web: www.BankersX.com >>>> Follow this link for Instant Web Chat: >>>> http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN >>>> ----------------------- *Original Message* ----------------------- >>>> >>>> *From:* Rudi Shumpert <shump...@gmail.com> <shump...@gmail.com> >>>> *To:* discussion@acfug.org >>>> *Date:* Fri, 20 Nov 2009 06:47:20 -0500 >>>> *Subject: [ACFUG Discuss] SQL Injection* >>>> >>>> Hey folks, >>>> >>>> I saw John's tweet earlier this week about a new wave of SQL Injection ( >>>> and link to a great article on it >>>> http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss), >>>> and sure enough I'm seeing a huge upswing in attempts. Over 100 failed >>>> attempts last night alone. >>>> >>>> We have taken the steps to prevent damage / harm, but I was wondering >>>> what folks are doing after they stop the attempt. What kind of message if >>>> any do you provide ? Are people checking the logs, and blocking IP's of >>>> the worst offenders? Or something else? >>>> >>>> -Rudi >>>> ------------------------------------------------------------- To >>>> unsubscribe from this list, manage your profile @ >>>> http://www.acfug.org?fa=login.edituserform For more info, see >>>> http://www.acfug.org/mailinglists Archive @ >>>> http://www.mail-archive.com/discussion%40acfug.org/ List hosted by >>>> http://www.fusionlink.com------------------------------------------------------------- >>> >>> >>> >> >
