Comments on: WebGoat http://itsecpackets.com/blog/2008/07/13/webgoat/ A Progammer explores the IT Security field; offering packets of useful information he picks up along the way. Sat, 22 Nov 2008 22:07:25 +0000 http://wordpress.org/?v=2.5.1 By: ITSec Packets | OSWASP 2008 and Fortify http://itsecpackets.com/blog/2008/07/13/webgoat/#comment-255 ITSec Packets | OSWASP 2008 and Fortify Mon, 06 Oct 2008 13:26:24 +0000 http://itsecpackets.com/blog/?p=50#comment-255 [...] post I talked about WebGoat which is created and maintained by OWASP.   In that post I discussed SQL injection, which is one the of the OWASP top ten “vulns” [...] [...] post I talked about WebGoat which is created and maintained by OWASP.   In that post I discussed SQL injection, which is one the of the OWASP top ten “vulns” [...]

]]> By: Eric http://itsecpackets.com/blog/2008/07/13/webgoat/#comment-192 Eric Wed, 13 Aug 2008 19:29:58 +0000 http://itsecpackets.com/blog/?p=50#comment-192 Another alternate to the sanitization of the parameters would be to use parameterized queries. By using them, you don't have to deal with what might be allowable and what isn't. And even better, if you were using one of the big databases, you would just use stored procedures. Another alternate to the sanitization of the parameters would be to use parameterized queries. By using them, you don’t have to deal with what might be allowable and what isn’t.

And even better, if you were using one of the big databases, you would just use stored procedures.

]]>