Comment by John H.

July 18, 2008, 20:49

I've got two questions that might somewhat deflate the presentation:

#1. In the SQL injection 'union' attack (clever!) how did the attacker know the column names and types... inside job? Surely probing on that by an attacker would leave massive traces?

#2. In the XSS attack, surely the site would not announce itself as '' ... would the name be utterly shrouded, or would there be a placeholder name, and if so... would Alice be aware of it? Ah, the zero-size iframe... clever again.

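The commenter's first point, that an attacker enumerating column counts for a union query would leave traces, is easy to make concrete from the defender's side. The script below is an added example, not code from the original page or from the presentation being discussed: it parses a few constructed web-server access-log lines (Apache common-log style, invented for this illustration), decodes each request path, and flags any client that sends repeated UNION SELECT probes, recording how many select-list columns each probe tried and how many server errors the probing produced. The thresholds, log format and client addresses are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log (not from the page): one client walks the column count
# of a UNION query on /item, the other is an ordinary visitor.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Jul/2008:20:49:01 +0000] "GET /item?id=42 HTTP/1.1" 200 1532
10.0.0.5 - - [18/Jul/2008:20:49:07 +0000] "GET /item?id=42%27 HTTP/1.1" 500 612
10.0.0.5 - - [18/Jul/2008:20:49:12 +0000] "GET /item?id=42+UNION+SELECT+NULL-- HTTP/1.1" 500 612
10.0.0.5 - - [18/Jul/2008:20:49:15 +0000] "GET /item?id=42+UNION+SELECT+NULL,NULL-- HTTP/1.1" 500 612
10.0.0.5 - - [18/Jul/2008:20:49:19 +0000] "GET /item?id=42+UNION+SELECT+NULL,NULL,NULL-- HTTP/1.1" 200 1788
10.0.0.9 - - [18/Jul/2008:20:50:02 +0000] "GET /item?id=7 HTTP/1.1" 200 1490
"""

# Common-log-format fields we need: client, timestamp, method, path, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A UNION [ALL] SELECT token sequence anywhere in the decoded request.
UNION_RE = re.compile(r"\bunion\b\s+(?:all\s+)?\bselect\b", re.IGNORECASE)


def parse_line(line):
    """Return a dict of log fields with the URL-decoded path, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Decode %xx escapes and '+' so obfuscated keywords are visible to the matcher.
    rec["decoded"] = unquote_plus(rec["path"])
    return rec


def is_union_probe(decoded_path):
    """True if the decoded request contains a UNION SELECT clause."""
    return UNION_RE.search(decoded_path) is not None


def column_count(decoded_path):
    """Number of select-list items in a UNION SELECT probe (0 if it is not one)."""
    if not is_union_probe(decoded_path):
        return 0
    m = re.search(r"\bselect\b\s+(.+?)(?:--|#|$)", decoded_path, re.IGNORECASE)
    if not m:
        return 0
    return len([c for c in m.group(1).split(",") if c.strip()])


def analyze(log_text, min_probes=2):
    """Summarise per-client activity and return clients with >= min_probes union probes."""
    per_client = defaultdict(lambda: {
        "requests": 0, "union_probes": 0, "server_errors": 0, "columns_tried": set()
    })
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_client[rec["client"]]
        s["requests"] += 1
        if rec["status"] >= 500:
            s["server_errors"] += 1
        if is_union_probe(rec["decoded"]):
            s["union_probes"] += 1
            s["columns_tried"].add(column_count(rec["decoded"]))
    return {
        client: {**s, "columns_tried": sorted(s["columns_tried"])}
        for client, s in per_client.items()
        if s["union_probes"] >= min_probes
    }


if __name__ == "__main__":
    for client, summary in analyze(SAMPLE_LOG).items():
        print(client, summary)
```

The rising column count paired with a run of 5xx responses from one client is exactly the footprint the commenter expects; a real deployment would feed the same logic from a log pipeline or WAF rather than a string, and would tune `min_probes` to its own traffic.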
