Basically, I am looking for the difference between ASP injection and SQL injection on an ASP web page, and what are the different types of ASP injection other than SQL injection?

A: 

I think ASP injection can include non-relational database code such as JavaScript.

SQL injection adds SQL to do harm exclusively to your relational database.

Wikipedia might be a good starting place:

http://en.wikipedia.org/wiki/Code_injection

I would suggest that you not accept raw input from web pages without encoding, validating, and binding them on the server side. It's your best chance to guard against unwanted inputs. How will you know an input is potentially harmful until you look at it?

You should always validate on the server side, even if you do client-side validation.

I'd say that it's unlikely that you'll gain a complete understanding or solution here simply by repeating your question and asking for more links. I'd suggest that you demonstrate some initiative and energy by doing something besides passive questioning.

duffymo
Hey, thanks for the reply, that was pretty helpful, but can you suggest some more links where I can easily differentiate between ASP injection and SQL injection?
abhijay
Can you also suggest some security principles required while designing an ASP web page?
abhijay
+1  A: 

Simple example: You allow uploading of files. Someone uploads an .asp file, and voila, they can execute any ASP code they want.

Another example: You use the Server.Execute() method to have some filename and/or ASP code stored in your database. Instead of a filename, someone writes some ASP code, and voila, they can execute any ASP code they want.

Onkelborg
Hey, thanks, that was helpful, but can you just suggest some more examples where ASP injection can be explained?
abhijay
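A defensive sketch for the two cases in the second answer (uploaded .asp files and Server.Execute() driven by database values), written in classic ASP VBScript. This is an added example, not code from either answer; UPLOAD_DIR, the function names, the extension list and the module keys and paths are all hypothetical.

```vbscript
' Added example: goes inside <% ... %> in an include file. All names are hypothetical.
Const UPLOAD_DIR = "D:\appdata\uploads\"  ' assumed: outside the web root, not served by IIS

' Return the lower-cased extension if it is on the allowlist, otherwise "".
Function AllowedExtension(clientName)
    Dim allowed, name, pos, ext
    Set allowed = CreateObject("Scripting.Dictionary")
    allowed.Add "jpg", True
    allowed.Add "png", True
    allowed.Add "pdf", True
    AllowedExtension = ""
    name = clientName & ""                      ' tolerate Null/Empty input
    pos = InStrRev(name, ".")
    If pos = 0 Or pos = Len(name) Then Exit Function
    ext = LCase(Mid(name, pos + 1))
    If allowed.Exists(ext) Then AllowedExtension = ext
End Function

' Build the stored path on the server. The client-supplied name contributes
' only its allowlisted extension, so "page.asp" is rejected and nothing the
' uploader typed ends up in the file name.
Function NewUploadPath(clientName)
    Dim ext, guid
    NewUploadPath = ""
    ext = AllowedExtension(clientName)
    If ext = "" Then Exit Function
    guid = CreateObject("Scriptlet.TypeLib").Guid   ' "{xxxxxxxx-xxxx-...}"
    NewUploadPath = UPLOAD_DIR & Mid(guid, 2, 36) & "." & ext
End Function

' The database stores a short key, never a path or ASP code. The key is
' resolved through a fixed table of pages that ship with the application.
Function RunModule(moduleKey)
    Dim modules, key
    Set modules = CreateObject("Scripting.Dictionary")
    modules.Add "news", "/modules/news.asp"
    modules.Add "contact", "/modules/contact.asp"
    RunModule = False
    key = moduleKey & ""
    If Not modules.Exists(key) Then Exit Function   ' unknown key: execute nothing
    Server.Execute modules(key)
    RunModule = True
End Function
```

A caller saves the upload only when NewUploadPath returns a non-empty string, and treats a False result from RunModule as a rejected request worth logging.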