15 Common Mistakes... um make that 16
Posted on 16/9/2007 at 11:07
Clearswift are offering a free White Paper entitled "15 Common Mistakes in Web Security":
http://www.clearswift.com/adsystem/edm/15mistakes_web/default.aspx
only perhaps they should have added number 16:
"16 - Always test your web site thoroughly to ensure you do not expose the internal structure of your network or database to the outside world"
Try it yourself at the above URL - click on "Submit" without completing any fields and sigh when you see:
Server Error in '/' Application.
Cannot insert the value NULL into column 'Name', table 'Web.dbo.tblLeads'; column does not allow nulls. INSERT fails. The statement has been terminated.
[snip]
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
This tells a would-be hacker a fair bit about the structure of their database, and kindly gives up the .NET Framework version information, which can easily be cross-referenced with any exploits for it.
So that'll be 16 Common Mistakes then...
-Colin
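A check of the kind "mistake 16" asks for, as an added example that is not part of the original post: it scans a response body from your own site for the disclosures quoted above (table and column names, framework versions). The pattern names, function names and the generic error text are assumptions made for the illustration.

```python
import re

# Details an error page should never show to an anonymous visitor.
# Names of the findings are hypothetical labels chosen for this example.
LEAK_PATTERNS = {
    "aspnet_error_page": re.compile(r"Server Error in '[^']*' Application"),
    "db_column": re.compile(r"into column '([^']+)'"),
    "db_table": re.compile(r"table '([^']+)'"),
    "dotnet_version": re.compile(r"\.NET Framework Version:\s*([\d.]+)"),
    "aspnet_version": re.compile(r"ASP\.NET Version:\s*([\d.]+)"),
}


def find_leaks(body):
    """Return {finding_name: leaked_value} for every pattern found in body."""
    findings = {}
    for name, pattern in LEAK_PATTERNS.items():
        match = pattern.search(body)
        if match:
            # Report the captured detail if the pattern has a group,
            # otherwise the whole matched marker.
            findings[name] = match.group(1) if pattern.groups else match.group(0)
    return findings


def check_response(status, body):
    """Pass only if the body discloses nothing, whatever the status code."""
    leaks = find_leaks(body)
    return {"status": status, "ok": not leaks, "leaks": leaks}


# Constructed sample: the error text quoted in the post.
VERBOSE_ERROR = """Server Error in '/' Application.
Cannot insert the value NULL into column 'Name', table 'Web.dbo.tblLeads'; column does not allow nulls. INSERT fails. The statement has been terminated.
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300"""

# Constructed sample: what a generic error page might say instead.
GENERIC_ERROR = "Sorry, something went wrong. Please check the form and try again."

if __name__ == "__main__":
    for label, body in (("verbose", VERBOSE_ERROR), ("generic", GENERIC_ERROR)):
        print(label, check_response(500, body))
```

Run it in a test suite over the responses your own forms return for empty and malformed submissions. On ASP.NET the page itself is normally fixed with a custom error page (the `customErrors` setting in web.config) and server-side validation of required fields.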