Penetration Testing mailing list archives
RE: SQL injection
From: "Ofer Shezaf" <Ofer.Shezaf () breach com>
Date: Thu, 9 Jun 2005 18:06:38 -0400
Firstly, Faisal, I don't think that IDS/IPS would help you. Detecting SQL injection with signatures alone, especially the relatively straightforward signatures used in most IDS and IPS systems, is difficult. While some SQL injection attacks would be detected, many others would not.

And secondly, to make the list of application firewalls complete, we at Breach Security also sell application firewalls (www.breach.com).

~ Ofer

Ofer Shezaf
CTO, Breach Security
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119
ofers () breach com
http://www.breach.com

-----Original Message-----
From: Richard Barrell [mailto:rbarrell () sentryware com]
Sent: Thursday, June 09, 2005 7:36 PM
To: Faisal Khan
Cc: pen-test () securityfocus com
Subject: Re: SQL injection

Hi Faisal,

There are dedicated devices that are designed to prevent attacks of this sort - web application firewalls. Here is a list of manufacturers that you should look into (in alphabetical order):

Imperva - www.imperva.com/
Kavado - www.imperva.com/
Netcontinuum - www.netcontinuum.com/
Teros - www.teros.com/
Watchfire (Sanctum) - www.watchfire.com

AND, if you'll forgive the plug, Sentryware: www.sentryware.com

Good luck in your search,

Rich

-----------------
FK> Pardon the ignorance, but is there any hardware/software based device that
FK> can outright prevent/mitigate (detect?) SQL injections? Would an IDS be
FK> able to prevent this?
---------------------

Richard Barrell, CCNP, CCDP
International Pre-Sales Manager
www.sentryware.com
Parque Empresarial Zuatzu
Edificio Urgull, 2ª local 10
20018 Donostia-San Sebastián
Spain
Tel: +34 943 31 73 30
Mvl: +34 646 97 10 18
Skype: mr_barrell