Lost Internet Access due to ZoneAlarm and Microsoft Update KB951748

July 11, 2008 15:14 by Ryan Garaygay

I ran into this issue a while ago where I lost internet access after installing a Windows update, and it turned out to be because of my ZoneAlarm installation.


The Microsoft Source Code Analyzer for SQL Injection tool

July 1, 2008 18:40 by Ryan Garaygay

Microsoft has released the Microsoft Source Code Analyzer for SQL Injection tool (for ASP code), which is available to find SQL injection vulnerabilities.


My Verisign SSL Certificate Application Experience

June 19, 2008 02:32 by Ryan Garaygay

I do have an idea about SSL, certificates and related security concepts, but in my previous work it was someone else (the client's IT) who did the preparation, request and installation of SSL certificates, until lately when I had to do it myself. I also had experience with trial and self-signed certificates, but still some things are not the same, of course (including the risk of messing something up).

It's not as difficult as it sounds, but I want to share a few things.


Privacy in sending email to mailing list (BCC)

June 17, 2008 17:51 by Ryan Garaygay

I think most people should know this already, although I'm not quite sure about that, so I'm posting anyway.

More often than not I receive emails sent to mailing lists where the individual recipients don't really know each other, or even if they do, they might not necessarily want the other recipients to know their email address. I personally don't really mind disclosing my information (having my blog and numerous online profiles would easily help you figure out my email), but there is a very high possibility that others would actually mind, and unless you are absolutely sure that they don't, use BCC (blind carbon copy) for those email recipients instead.


Browsing Security with NoScript

June 17, 2008 11:51 by Ryan Garaygay

While working (or actually just playing around) with the infamous SQL injection attacks seen around lately, I think it is worth mentioning that, as a developer, the security of your browser and your own PC is also important, or as important as securing your web servers and databases.


sp_executesql error with DDL statements (preventing SQL injection)

June 9, 2008 01:24 by Ryan Garaygay

One of the requirements for an application I'm currently working on is for the end user of a web application/site to be able to create objects in the database.

There are a number of objects that must be created or manipulated, but for the sake of simplicity let's take as an example creating a table with one column. The SQL statement would look like:

CREATE TABLE [MyTable] ( [MyColumn] INT NOT NULL )

To minimize the risk of SQL injection, I was hoping I could use the sp_executesql stored procedure to come up with a parameterized query (in addition to other preventive measures like validating input). Something like:

DECLARE @SQLString NVARCHAR(MAX);
DECLARE @ParamDefinition NVARCHAR(256);

SET @SQLString =
  N'CREATE TABLE @TableName (@ColumnName INT NOT NULL)';
SET @ParamDefinition =
  N'@TableName VARCHAR(128), @ColumnName VARCHAR(128)';

EXECUTE sp_executesql
  @SQLString,
  @ParamDefinition,
  @TableName = 'MyTable',
  @ColumnName = 'MyColumn';

When I executed the statement it returned the error "Incorrect syntax near '@TableName'". Though I haven't worked with sp_executesql for Data Definition Language (DDL) statements, I have been using it for Data Manipulation Language (DML) statements such as conditional selects and others, so I'm quite sure there is nothing wrong with the syntax near @TableName by itself. What could be wrong?
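As an added example (not code from the original post), here is the approach that does work for DDL: sp_executesql parameters can only stand in for values, never for identifiers such as table or column names, so the names are checked against a strict allow-list and wrapped with QUOTENAME before being concatenated into the statement text. The procedure name dbo.CreateUserTable and the dedicated UserTables schema are assumptions made for this example.

```sql
-- Added example, not part of the original post. Assumes SQL Server 2005+ and
-- an existing schema named UserTables reserved for end-user-created objects.
-- Parameters of sp_executesql are treated as literal values, so they cannot
-- take the place of an identifier; the identifier must be part of the text,
-- which is why it is validated and quoted here instead of parameterized.
CREATE PROCEDURE dbo.CreateUserTable
    @TableName  SYSNAME,
    @ColumnName SYSNAME
AS
BEGIN
    SET NOCOUNT ON;

    -- Allow-list: letters, digits and underscore only, starting with a letter.
    -- Anything else is rejected before it gets anywhere near dynamic SQL.
    IF @TableName  IS NULL OR @TableName  LIKE '%[^A-Za-z0-9_]%' OR @TableName  LIKE '[^A-Za-z]%'
       OR @ColumnName IS NULL OR @ColumnName LIKE '%[^A-Za-z0-9_]%' OR @ColumnName LIKE '[^A-Za-z]%'
    BEGIN
        RAISERROR('Invalid identifier.', 16, 1);
        RETURN;
    END

    -- Confine end users to their own schema so they cannot touch dbo objects.
    IF OBJECT_ID(N'UserTables.' + QUOTENAME(@TableName), N'U') IS NOT NULL
    BEGIN
        RAISERROR('Table already exists.', 16, 1);
        RETURN;
    END

    DECLARE @SQLString NVARCHAR(MAX);

    -- QUOTENAME doubles any embedded ] so the name cannot break out of the
    -- bracket-delimited identifier even if the allow-list above were relaxed.
    SET @SQLString = N'CREATE TABLE UserTables.' + QUOTENAME(@TableName)
                   + N' (' + QUOTENAME(@ColumnName) + N' INT NOT NULL);';

    EXECUTE sp_executesql @SQLString;
END
GO

-- Usage with constructed sample values:
EXECUTE dbo.CreateUserTable @TableName = N'MyTable', @ColumnName = N'MyColumn';
```

Any column values that the end user supplies later (for example in INSERT or WHERE clauses) should still go through sp_executesql parameters; only the object names need this validate-and-quote path.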


Security alert : SQL injection attacks - banner82 script

May 24, 2008 23:30 by Ryan Garaygay

UPDATE (6/19/2008): For both IT people and end users, please spend time reading through this (if not here, then at least from other sites; just be sure you are aware nevertheless) if you aren't that aware yet, since this exploit has been continually spreading despite numerous warnings already made on the web. For developers, please feel free to comment, add or correct any information you think would further benefit others. For end users, I would still recommend knowing more about this issue, how to protect yourself and how to stop yourself from being part of spreading it. A link to the following section might be of interest to you: browser and anti-spy software.

UPDATE (6/27/2008): I came across Scrawlr, an SQL injection detection tool from HP that is available for free. There probably are other (better) tools available, but this is the one I ran into so far. Also, a tool named UrlScan from Microsoft TechNet was suggested by Jax (see comments). It can be used to screen/limit request information being sent to your site, the same way that http.sys does for IIS6 or later. You may want to have a look.

There seem to be a number of SQL injection attacks happening lately that involve adding <script> tags referencing banner82.org/b.js, adword71.com/b.js (and the like) to entries in string/text/varchar columns in the database, targeting ASP (classic/3.0) sites and SQL Server. Note that they need not know your table or column names to mess with you.

I definitely do not wish to play cops and robbers here, but I wish to contribute a little on this. There are a number of articles on this (read along) and even more on preventing/cleaning SQL injection and other related exploits such as cross-site scripting, so help yourself. :D
