Sep 04, 2008
Here are a few gotcha's that I personally came across both in the forums and migrations I've done from IIS6 to IIS7. A lot of the confusion I see in the forums is Classic ASP and 'native' applications using COM+ trying to move to IIS 7. A classic ASP...
1 comments
Filed under: IIS
Aug 21, 2008
I have to give kudo's to the Microsoft IIS team for updating URLScan to help block automated sql injection attacks. Especially to Wade Hilmo and Nazim Lala . They have been very responsive when it came to involving the community (Thanks guys for the w3c...
2 comments
Filed under: IIS, sql injection
Aug 18, 2008
A few questions come up in the forums @ http://forums.iis.net about people moving Classic ASP applications that use CDONTS. CDONTS was introduced in NT4 and was widely popular. With the success of ASP applications 'back in the day', many used CDONTS to...
2 comments
Filed under: IIS, ASP, SMTP, Classic ASP
Jul 08, 2008
I've listened to a lot of podcasts and never "until now" did a podcast. Craig Shoemaker approached me about doing a podcast. It was real easy! All I had to do was talk about the subject I've been involved with since December 2005, IIS 7.0. We introduced...
2 comments
Filed under: IIS
Jun 27, 2008
One of the things I was curious what URLScan actually scanned and how. What is just servervariables or what?! I asked Wade H from the IIS Team for further explaination. It is good to be aware when you are implementing URLScan 3.0 and sql injection rules...
2 comments
Filed under: IIS, sql injection
Jun 24, 2008
For those supporting a Classic ASP and ASP.NET application, you probably have noticed an increase in sql injection attempts. Microsoft has released an updated URLScan 3.0. Here is the link to download URlScan version 3 beta for 32 bit or 64 bit . You...
1 comments
Filed under: IIS
Jun 23, 2008
The sql injection that has came up is affecting several ASP and ASP.NET applications. Although the only way to prevent an attack is validate the code, hopefully these posts will provide some direction. I included some links that discuss this more. http...
2 comments
Filed under: IIS, sql injection
May 30, 2008
Exciting news for IIS 7.0 users. MS has released the much anticipated URL Rewrite module. Here is a post on it. http://learn.iis.net/page.aspx/460/using-url-rewrite-module/ Download the x86 CTP version for IIS 7.0: http://www.iis.net/downloads/default...
0 comments
Filed under: IIS