[WEB SECURITY] SQL Injection: Paros and patent violation

MKP secqrity at yahoo.com
Thu Jul 13 05:10:13 EDT 2006


I have a query on usage of Paros.
   
  Since Paros has a feature to scan for web application vulnerabilities like SQL Injection, XSS, etc., does the usage of Paros infringe the patent being held by Sanctum (now Watchfire), US Patent Number 6,584,569?
   
  What restrictions can a patent impose on open source tools (their usage) that have implemented the patented features?
   
  Please share your thoughts.
   
  Regards
  MKP
   
   
   
  -----Original Message-----
From: Schmidt, Albert E [mailto:AES at ola.state.md.us] 
Sent: Thursday, July 13, 2006 12:21 AM
To: websecurity at webappsec.org
Subject: RE: [WEB SECURITY] SQL Injection
   
  Can anybody please provide me with advice on constructing a SQL
  Injection? I am currently auditing a web application.  During the audit
  I performed a Paros scan.  The Paros scan resulted in showing several
  areas where a SQL injection is possible; however, unless I can exploit a
  SQL injection then I am not able to prove that SQL injection is
  possible.  I am not looking for complex statements, just something
  simple that will provide me information to prove injection is possible.
   
  If you cannot provide this information could you please provide me with
  a reference to a book or web page that can.
   
  Thank you,
   
  Albert E. Schmidt, CPA
  Senior Information System Auditor
  Office of Legislative Audits
   
  ----------------------------------------------------------------------------
  The Web Security Mailing List: 
  http://www.webappsec.org/lists/websecurity/
   
  The Web Security Mailing List Archives: 
  http://www.webappsec.org/lists/websecurity/archive/
  http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

 			