Penetration Testing mailing list archives

RE: SQL injection

From: "Leandro Reox" <lmet5on () fibertel com ar>
Date: Fri, 10 Jun 2005 01:42:03 -0200

I Agree.
But we worked a lot customizing ISS signatures and really do the work for
us, especially Proventia Appliances, to be more specific "G Series" works
great. If the money its not a problem dont doubt to try with inline ips
appliances.

My $.02

Cheers

-----Original Message-----
From: Ofer Shezaf [mailto:Ofer.Shezaf () breach com] 
Sent: Thursday, June 09, 2005 8:07 PM
To: Richard Barrell; Faisal Khan
Cc: pen-test () securityfocus com
Subject: RE: SQL injection



Firstly, Faisal, I don't think that IDS/IPS would help you.

Detecting SQL injection with signatures alone, especially the relatively
straight forward signatures used in most IDS and IPS systems is difficult.
While some SQL injection attacks would be detected many others would not.

And secondly, to make the list of application firewalls complete, we at
Breach Security also sell application firewalls (www.breach.com).

~ Ofer



Ofer Shezaf
CTO, Breach Security
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119
ofers () breach com
http://www.breach.com

-----Original Message-----
From: Richard Barrell [mailto:rbarrell () sentryware com]
Sent: Thursday, June 09, 2005 7:36 PM
To: Faisal Khan
Cc: pen-test () securityfocus com
Subject: Re: SQL injection

Hi Faisal,

There are dedicated devices that are designed to prevent attacks of
this sort - web application firewalls. Here are a list of
manufacturers that you should look into:

(in alphabetical order)

Imperva          - www.imperva.com/
Kavado           - www.imperva.com/
Netcontinuum     - www.netcontinuum.com/
Teros            - www.teros.com/
Watchfire (Sanctum) - www.watchfire.com

AND, if you'll forgive the plug,

Sentryware:       www.sentryware.com

Good luck in your search,

Rich

-----------------
FK> Pardon the ignorance, but is there any hardware/software based device
that
FK> can outright prevent/mitigate (detect?) SQL injections? Would an IDS
be
FK> able to prevent this?

---------------------
Richard Barrell, CCNP, CCDP
International Pre-Sales Manager

www.sentryware.com
Parque Empresarial Zuatzu
Edificio Urgull, 2ª local 10
20018 Donostia-San Sebastián
Spain

Tel: +34 943 31 73 30
Mvl: +34 646 97 10 18
Skype: mr_barrell

Current thread:

Re: RE: SQL injection, (continued)
- Re: RE: SQL injection travis . barlow (Jun 09)
- RE: SQL injection Ofer Shezaf (Jun 09)
  - RE: SQL injection Hecber Cordova (Jun 09)
    - Exploit Repositories and Due Diligence Jeff (Jun 09)
    - RE: Exploit Repositories and Due Diligence Leandro Reox (Jun 09)
    - RE: Exploit Repositories and Due Diligence Sahir Hidayatullah (Jun 10)
    - RE: Exploit Repositories and Due Diligence Carl Tucker (Jun 14)
    - RE: Exploit Repositories and Due Diligence Carl Tucker (Jun 20)
  - Re: SQL injection Tim (Jun 09)
    - Re: SQL injection James Riden (Jun 09)
  - RE: SQL injection Leandro Reox (Jun 09)
- RE: SQL injection Todd Towles (Jun 09)
  - RE: SQL injection Leandro Reox (Jun 10)
    - Re: SQL injection Hernán M . Racciatti (Jun 10)
    - Re: SQL injection DokFLeed (Jun 10)
- RE: SQL injection Faisal Khan (Jun 12)
  - RE: SQL injection Faiz Ahmad Shuja (Jun 12)