[200 OK]: A Port80 Software Blog

We're all 200 OK: Web, HTTP and IIS Insights
posts - 204, comments - 2436, trackbacks - 98

Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

The recent wave of SQL injection attacks has made mainstream news, just in case you have not seen it:

Hundreds of Thousands of Microsoft Web Servers Hacked

Jeremiah Grossman and others have made the point, accurately, that this is not a Microsoft IIS Web server issue, but rather that Web developers not adhering to security best practices are to blame (for shame, it is not like we have enough to do already!):

Security expert: Don't blame Microsoft for mass site defacements

To solve this puzzle, look no further than controlling parameters, permissions and sanitizing your inputs with a Web application firewall or WAF like ServerDefender AI or the upcoming ServerDefender VP.  Yes, you can learn to write more secure code, but why wait to get protected or deal with recoding legacy bits?  Get a WAF, and get PCI complaint, something we all need to be focusing on now.

Cheers,
Port80

PS BTW thanks to Jeremiah for being one of the early believers in ServerMask... it is nice to watch as his security star rises!

posted on Monday, April 28, 2008 4:31 PM

Feedback

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

i feel sorry for others who's doesn't know about firewall thingy.
7/22/2008 8:07 AM | modern

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

ASSEMBLY LINE
10/10/2008 1:22 AM | 流水线

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

thanks very good !
10/27/2008 2:11 PM | pornoizle

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

thanks very good !
10/28/2008 1:35 AM | geciktirici sprey

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

www.sexshopum.com
www.harbiarkadas.com
www.harbiarkadas.net
www.harbiarkadas.org
www.itirafet.org
www.ebedava.net
www.elektronikmarket.net
www.ameribress.com
www.clitoriacream.net
www.superspenisbuyutucu.com
www.megabress.com
www.rednightperformans.com
www.performansartirici.com
www.penisplus.tv
www.penispluspenisbuyutucu.com
www.penispluspenisbuyutucu.net
www.cinselmerkez.com
www.aseks.net
www.erotikcamasirlar.com
www.vajinatr.com
www.bakirevajina.com
www.cinselkozmetik.com
www.kozmetikmedikel.com
www.eturknet.com
www.tecavuz.net
www.yutuvideo.com
www.ponotubesex.com
www.laraperuk.com
www.sackanagimerkezi.com
www.peruksa.com
www.perukmarket.com
www.aseks.com
www.aloveshop.com
www.erotikgiyim.com
www.www.geciktiricispreyler.com
www.geciktiricihap.com
www.geciktiriciler.com
www.azdirici.com
www.bayanuyarici.com
www.fntazialemi.com
www.fantaziservisi.om
www.cinselmazemeler.com
www.cinselfantaziurunleri.com
www.erotikdakikalar.com
www.erotikmarketiniz.com
www.seksmarketiniz.com
www.sekshatlari.com
www.erotikdergiler.com
www.erotikderginiz.com
www.penisbuyutucuviprx.com
www.penisbuyutucuvigrx.com
www.penisbuyutuculer.com
www.vigrxpenisbuyutucu.com
www.sismebebekler.com
www.sismebebekshop.com
www.yemekeviniz.com
www.sanalmarketiniz.com
www.elektronikmarket.net
www.ebedava.net
www.kontortr.com
www.elaydin23.com
www.turkcellkontorcu.com
www.aveakontoral.com
www.vodafonekontoral.com
www.toptankontorcu.com
www.cinselkozmetik.com
www.bayanpartnerler.com
www.erkekpartnerler.com
www.kizarkadaslar.com
www.yonjaarkadas.com
www.siberalem-siberalem.com
www.sexpartnerler.com
www.sekspartnerler.com
www.erotikpartnerler.com
www.gencyuz.com
www.erkekarkadaslar.com
www.bayanarkadaslar.com
www.yemekeviniz.com
www.sanalmarketiniz.com
www.baskahaber.com
www.medikalkozmetik.net
www.kozmetikmedikal.com
www.zayiflamavediyet.net
www.zayiflamahapii.com
www.zayiflamabandii.com
www.kilovertr.com
www.zayiflamatr.net
www.diyettr.com
www.toksinbandi.net
www.botoxtr.com
www.botokstr.com
www.selulittedavii.com
www.selulitgiderici.net
www.selulitkremii.com
www.catlaktedavisii.com
www.catlakgiderici.net
www.catlakkremii.com
www.aseks.com
www.erotikgiyim.com
www.aloveshop.com
www.sismebebekshop.com
11/11/2008 3:58 AM | penis büyütücü

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

penis büyütücü hap
12/2/2008 1:29 AM | penis büyütücü hap

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

Penisbuyutuculeri.com | Penis büyütücü, pensi büyütme, penis büyütme teknikleri, penis büyütme yollari, penis büyütücü hap, penis büyütücü krem, penis büyütücü jel, penis büyütücü alet, penis büyütücüler http://www.penisbuyutuculeri.com
12/6/2008 1:05 AM | penis büyütücü hap

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

Sex Ve Erotik Shop Katagorileri : sex shop, sexshop, erotik shop, erotikshop, erotic shop, eroticshop, erotik market, erotikmarket, seks shop, seksshop, erotic market, eroticmarket, sex market, sexmarket, seks market, seksmarket, sexs shop, sexsshop, erotik, erotic, seks, sex, erotik magaza, penis büyütücü, penis büyütücüler, geciktirici sprey, geciktirici spreyler,gögüs büyütücü, gögüs büyütücüler, bayan azdirici damla, geciktirici hap, geciktirici, geciktiriciler, penis büyütücü haplar, penis büyütücü hap, prezervatifler, sisme bebek, sisme bebekler, sisme manken, vibratör, vajina, cinsel istek arttirici, cinsellik, geciktirici krem, cinsel ürünler, erotik ürünler
12/6/2008 1:07 AM | erotik shop

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

thanks
12/16/2008 4:13 PM | oyun

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

thank you
12/16/2008 4:13 PM | sikis

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

Thank you for sharing.
12/21/2008 4:01 PM | youtube

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

Thank you for sharing. Thank you for sharing.
12/21/2008 4:02 PM | izle

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

http://www.penisbuyutuculeri.com
http://www.sexshopum.com
12/25/2008 6:54 AM | penis büyütücü hap

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

sex shop
12/27/2008 2:10 AM | sex shop

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

erotik shop
12/27/2008 2:12 AM | erotik shop

# re: Microsoft Says SQL Injection Attack Not Their Fault (Translation: Get a Web App Firewall!)

seks shop
12/27/2008 2:13 AM | seks shop

Post Comment

Title:  
Name:  
Url:  
Comment:  
Verify:
(Enter the word as it appears in the box above.)