January 8, 2009 - 21:20 CET
"As you saw from your implementation, writing your own security routines isn't always a good idea", Mr. X said, looking me straight in the eyes.
[...]
January 5, 2009 - 22:15 CET
I thought about what Mr. X said for a while.
[...]
January 4, 2009 - 15:21 CET
"So let's go back to the input validation", Mr. X said. "How do you want to do the validation of the names now?"
[...]
January 4, 2009 - 14:17 CET
"Now remember", Mr. X said, "that we are storing most of our user data in LDAP. But when we are storing orders, we store the name in our SQL database as a part of the shipping address. How do you suggest we handle LDAP injection with your approach?"
[...]
January 4, 2009 - 10:17 CET
After finishing the call, Mr. X came back into my office.
[...]
January 3, 2009 - 11:39 CET
The next morning I got my first go at a real system for a real customer. One of the company's clients had recently had a successful hacking attempt on one of their systems, and they wanted us to review and fix it.
[...]
December 8, 2008 - 21:09 CET
Today was a disaster - I really messed it up.
[...]
November 11, 2008 - 19:21 CET
I just posted a new blog entry over at honeynor.no with an analysis of some of the SQL-injection attacks we've seen in Norway lately. Read the full post here:
http://www.honeynor.no/2008/11/11/looking-at-some-sql-injection-attacks/
[...]
June 19, 2008 - 00:36 CEST
The last couple of days I've been attending NDC2008 (Norwegian Developer Conference) here in Oslo. Mats Torgersen's talk on LINQ under the covers was quite interesting.
[...]
May 28, 2008 - 08:37 CEST
I just read Ronald van den Heetkamp's post about hackers using SQL injection to spread malware. The hackers are basically using SQL injection to inject code that, when opened in a browser, will exploit a security hole in the latest version of Flash.
[...]