
| Subject: | RE: SQL injection |
|---|---|
| Date: | Thu, 09 Jun 2005 20:00:49 -0400 |
Hi,
You can use Apache with mod_security; by setting filters you can
stop SQL injection type attacks.
Review this paper at Security Focus:
http://www.securityfocus.com/infocus/1739
On Thu, 09-06-2005 at 18:06 -0400, Ofer Shezaf wrote:
Firstly, Faisal, I don't think that IDS/IPS would help you. Detecting SQL injection with signatures alone, especially the relatively straightforward signatures used in most IDS and IPS systems, is difficult. While some SQL injection attacks would be detected, many others would not.

And secondly, to make the list of application firewalls complete, we at Breach Security also sell application firewalls (www.breach.com).

~ Ofer

Ofer Shezaf
CTO, Breach Security
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119
ofers@breach.com
http://www.breach.com

-----Original Message-----
From: Richard Barrell [mailto:rbarrell@sentryware.com]
Sent: Thursday, June 09, 2005 7:36 PM
To: Faisal Khan
Cc: pen-test@securityfocus.com
Subject: Re: SQL injection

Hi Faisal,

There are dedicated devices that are designed to prevent attacks of this sort - web application firewalls. Here is a list of manufacturers that you should look into (in alphabetical order):

Imperva - www.imperva.com/
Kavado - www.imperva.com/
Netcontinuum - www.netcontinuum.com/
Teros - www.teros.com/
Watchfire (Sanctum) - www.watchfire.com

AND, if you'll forgive the plug, Sentryware: www.sentryware.com

Good luck in your search,
Rich

-----------------
FK> Pardon the ignorance, but is there any hardware/software based device that
FK> can outright prevent/mitigate (detect?) SQL injections? Would an IDS be
FK> able to prevent this?
---------------------

Richard Barrell, CCNP, CCDP
International Pre-Sales Manager
www.sentryware.com
Parque Empresarial Zuatzu
Edificio Urgull, 2º local 10
20018 Donostia-San Sebastián
Spain
Tel: +34 943 31 73 30
Mvl: +34 646 97 10 18
Skype: mr_barrell