WhiteHat Security does this type of analysis on websites as a managed service, for a fee of course, but they will scan, report, and show how to remediate the SQL injection, CSS, and other application layer flaws. But definitely it's a Layer 7 issue and the devs are squarely on the hook for this type of nonsense, along with folks that run websites with SA/DBO privileges and let the web application do anything on the backend DBs. (Again, lazy developers that don't understand secure code from a hole in the ground.)

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

________________________________
From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 25, 2008 9:19 AM
To: NT System Admin Issues
Subject: RE: Website security checking service

SQL Injection is an application layer issue. Nothing with configuring your server is going to stop that (other than possibly filtering out a few common attacks). The devs need to write better code.

Cheers
Ken

From: Oliver Marshall [mailto:[EMAIL PROTECTED]
Sent: Thursday, 25 September 2008 10:19 PM
To: NT System Admin Issues
Subject: Website security checking service

Hi chaps,

Can anyone recommend a website checking service that will check websites on a regular basis for security issues and report back?

One of our clients suffered an SQL injection attack this week, and on their new rebuilt server they are keen to get some element of reporting as to when any possible issues may be presented to visitors, or to be made aware as to when flaws are found in the sites. The sites change regularly and multiple teams work on any one site, so a site that was once tight-as-a-nut may, the next week, be made insecure by the action of another team.
