This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:Testing for SQL Server

From OWASP
Revision as of 14:31, 30 December 2006 by Mmeucci (talk | contribs) (Talk:SQL Server Testing AoC moved to Talk:Testing for SQL Server: naming convention)

Jump to: navigation, search

I think that the timing attack described by Daniel Bleichenbacher is too much of a different nature to be used as an example for the WAITFOR-based injection... Moreover, we should probably change the terminology from "timing attack" to "inferenced attacks" which is the original term used by David Litchfield and is a more general term, encompassing other similar techniques based on error codes and parameter splitting (see his paper in the references) ...what do you guys think ?

Retrieved from "https://wiki.owasp.org/index.php?title=Talk:Testing_for_SQL_Server&oldid=14721"