SlideShare a Scribd company logo

Asp

Adil Jafri, profile picture
Adil Jafri

The document discusses common coding errors in ASP scripts that can lead to security vulnerabilities. It covers three main categories: input validation issues, problems with managing state predictably and securely, and source code maintenance issues. Specific problems discussed include insufficient validation of user-supplied input used in SQL queries, which can enable SQL injection attacks, poor randomness or predictability of session IDs, hardcoded credentials, and debugging code left enabled. The document provides examples of each issue and recommendations for more secure coding practices.

Technology
1 of 17
Downloaded 17 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp
Asp

More Related Content

PPT
Sql Injection Attacks Siddhesh
Siddhesh Bhobe
 
PPT
D:\Technical\Ppt\Sql Injection
avishkarm
 
PPTX
Sql injection
Hemendra Kumar
 
PPT
SQL Injection
Adhoura Academy
 
PPT
Advanced SQL Injection
amiable_indian
 
PDF
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
 
PPT
Web application attacks using Sql injection and countermasures
Cade Zvavanjanja
 
PDF
SQL Injection Tutorial
Magno Logan
 
Sql Injection Attacks Siddhesh
Siddhesh Bhobe
 
D:\Technical\Ppt\Sql Injection
avishkarm
 
Sql injection
Hemendra Kumar
 
SQL Injection
Adhoura Academy
 
Advanced SQL Injection
amiable_indian
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
 
Web application attacks using Sql injection and countermasures
Cade Zvavanjanja
 
SQL Injection Tutorial
Magno Logan
 

What's hot (20)

PDF
What is advanced SQL Injection? Infographic
JW CyberNerd
 
PPT
Sql injection attack
RajKumar Rampelli
 
PPT
Sql injection
Nikunj Dhameliya
 
PPTX
Ppt on sql injection
ashish20012
 
PPT
Advanced Topics On Sql Injection Protection
amiable_indian
 
PDF
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
PDF
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
PDF
SQL Injection
Abhinav Nair
 
PDF
Sql Injection and XSS
Mike Crabb
 
PPTX
Time-Based Blind SQL Injection
matt_presson
 
PPT
Sql injection
Nitish Kumar
 
PDF
SQL injection: Not only AND 1=1
Bernardo Damele A. G.
 
PPT
Time-Based Blind SQL Injection using Heavy Queries
Chema Alonso
 
PPT
A Brief Introduction in SQL Injection
Sina Manavi
 
PDF
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
PDF
Not so blind SQL Injection
Francisco Ribeiro
 
PDF
Advanced SQL Injection: Attacks
Nuno Loureiro
 
PDF
Time-Based Blind SQL Injection Using Heavy Queries
Chema Alonso
 
PPTX
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
PPTX
SQL INJECTION
Mentorcs
 
What is advanced SQL Injection? Infographic
JW CyberNerd
 
Sql injection attack
RajKumar Rampelli
 
Sql injection
Nikunj Dhameliya
 
Ppt on sql injection
ashish20012
 
Advanced Topics On Sql Injection Protection
amiable_indian
 
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
SQL Injection
Abhinav Nair
 
Sql Injection and XSS
Mike Crabb
 
Time-Based Blind SQL Injection
matt_presson
 
Sql injection
Nitish Kumar
 
SQL injection: Not only AND 1=1
Bernardo Damele A. G.
 
Time-Based Blind SQL Injection using Heavy Queries
Chema Alonso
 
A Brief Introduction in SQL Injection
Sina Manavi
 
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
Not so blind SQL Injection
Francisco Ribeiro
 
Advanced SQL Injection: Attacks
Nuno Loureiro
 
Time-Based Blind SQL Injection Using Heavy Queries
Chema Alonso
 
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
SQL INJECTION
Mentorcs
 
Ad

Viewers also liked (6)

PDF
Primi sui motori di ricerca? Non sempre è la scelta migliore
akabit
 
PPS
Deloqueescapaznuestrocerebro
parquegoya
 
PDF
PresentacióN1
JEANNELLY
 
DOC
pantallazo
vsegurap
 
PDF
Open Source in Azienda: sicurezza e risparmio
akabit
 
PPT
Flex3 Deep Dive Final
RJ Owen
 
Primi sui motori di ricerca? Non sempre è la scelta migliore
akabit
 
Deloqueescapaznuestrocerebro
parquegoya
 
PresentacióN1
JEANNELLY
 
pantallazo
vsegurap
 
Open Source in Azienda: sicurezza e risparmio
akabit
 
Flex3 Deep Dive Final
RJ Owen
 
Ad

Similar to Asp (20)

PPTX
Sql injection
Mehul Boghra
 
PDF
Defcon 17-joseph mccray-adv-sql_injection
Ahmed AbdelSatar
 
PDF
Chapter 14 sql injection
newbie2019
 
PPT
Advanced Sql Injection ENG
Dmitry Evteev
 
PDF
ieee
Radheshyam Dhakad
 
PPT
Sql Injection Adv Owasp
Aung Khant
 
PPT
SQL Injection Attacks
Compare Infobase Limited
 
PPT
Php & Web Security - PHPXperts 2009
mirahman
 
PPT
How "·$% developers defeat the web vulnerability scanners
Chema Alonso
 
PPT
Securing Java EE Web Apps
Frank Kim
 
PPTX
Sql Injection and Entity Frameworks
Rich Helton
 
PDF
POWER OF VISUALIZATION
sihleGumede3
 
PPT
Selected Topics ASP.NET2
Talal Alsubaie
 
PPTX
Playing With (B)Sqli
Chema Alonso
 
PDF
10 Rules for Safer Code [Odoo Experience 2016]
Olivier Dony
 
PDF
10 Rules for Safer Code
Quang Ngoc
 
PDF
business articles
client001competitors
 
PPT
SQL Injection in PHP
Dave Ross
 
PPTX
Web security with Eng Ahmed Galal and Eng Ramy saeid
Ahmed Ghazey
 
PDF
Sq linjection
Mahesh Gupta (DBATAG) - SQL Server Consultant
 
Sql injection
Mehul Boghra
 
Defcon 17-joseph mccray-adv-sql_injection
Ahmed AbdelSatar
 
Chapter 14 sql injection
newbie2019
 
Advanced Sql Injection ENG
Dmitry Evteev
 
ieee
Radheshyam Dhakad
 
Sql Injection Adv Owasp
Aung Khant
 
SQL Injection Attacks
Compare Infobase Limited
 
Php & Web Security - PHPXperts 2009
mirahman
 
How "·$% developers defeat the web vulnerability scanners
Chema Alonso
 
Securing Java EE Web Apps
Frank Kim
 
Sql Injection and Entity Frameworks
Rich Helton
 
POWER OF VISUALIZATION
sihleGumede3
 
Selected Topics ASP.NET2
Talal Alsubaie
 
Playing With (B)Sqli
Chema Alonso
 
10 Rules for Safer Code [Odoo Experience 2016]
Olivier Dony
 
10 Rules for Safer Code
Quang Ngoc
 
business articles
client001competitors
 
SQL Injection in PHP
Dave Ross
 
Web security with Eng Ahmed Galal and Eng Ramy saeid
Ahmed Ghazey
 
Sq linjection
Mahesh Gupta (DBATAG) - SQL Server Consultant
 

More from Adil Jafri (20)

PDF
Csajsp Chapter5
Adil Jafri
 
PDF
Php How To
Adil Jafri
 
PDF
Php How To
Adil Jafri
 
PDF
Owl Clock
Adil Jafri
 
PDF
Phpcodebook
Adil Jafri
 
PDF
Phpcodebook
Adil Jafri
 
PDF
Programming Asp Net Bible
Adil Jafri
 
PDF
Tcpip Intro
Adil Jafri
 
PDF
Network Programming Clients
Adil Jafri
 
PDF
Jsp Tutorial
Adil Jafri
 
PPT
Ta Javaserverside Eran Toch
Adil Jafri
 
PDF
Csajsp Chapter10
Adil Jafri
 
PDF
Javascript
Adil Jafri
 
PDF
Flashmx Tutorials
Adil Jafri
 
PDF
Java For The Web With Servlets%2cjsp%2cand Ejb
Adil Jafri
 
PDF
Html Css
Adil Jafri
 
PDF
Digwc
Adil Jafri
 
PDF
Csajsp Chapter12
Adil Jafri
 
PDF
Html Frames
Adil Jafri
 
PDF
Flash Tutorial
Adil Jafri
 
Csajsp Chapter5
Adil Jafri
 
Php How To
Adil Jafri
 
Php How To
Adil Jafri
 
Owl Clock
Adil Jafri
 
Phpcodebook
Adil Jafri
 
Phpcodebook
Adil Jafri
 
Programming Asp Net Bible
Adil Jafri
 
Tcpip Intro
Adil Jafri
 
Network Programming Clients
Adil Jafri
 
Jsp Tutorial
Adil Jafri
 
Ta Javaserverside Eran Toch
Adil Jafri
 
Csajsp Chapter10
Adil Jafri
 
Javascript
Adil Jafri
 
Flashmx Tutorials
Adil Jafri
 
Java For The Web With Servlets%2cjsp%2cand Ejb
Adil Jafri
 
Html Css
Adil Jafri
 
Digwc
Adil Jafri
 
Csajsp Chapter12
Adil Jafri
 
Html Frames
Adil Jafri
 
Flash Tutorial
Adil Jafri
 

Recently uploaded (20)

PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
A Presentation on Artificial Intelligence
memembruh336
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI