Skip Links

Network World

  • Social Web 
  • Email 
  • Close

How we did it

By Thomas Powell, Network World Global Test Alliance , Network World , 08/18/2003
  • Share/Email
  • Comment
  • Print

We used a pair of Dell PowerEdge 6000 servers running Windows 2000 and Microsoft Internet Information Server 5.0 as the testing platform. The test sites installed used ColdFusion and Active Server Pages for dynamic database access and did not have input sanitization built in. Testing covered exploits such as URL tampering, form-field manipulation, SQL injection and many known IIS server specific exploits. Two other machines on a connected network using automated security audit tools and manual attacks performed testing. A third machine was used as the administration console for altering and configuration where possible. Server interaction was monitored not only at the browser level but the underlying HTTP discussion was monitored to ensure standard interaction between systems.

  • Share/Email
  • Comment
  • Print
Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.

Download the white paper.

Applications: taking back control

Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.

Learn more today.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Network World,to go. Wherever you are. Breaking news delivered to your mobile device. Select the hottest topics in networking and start receiving Network World on your mobile device today.