WebApp Sec mailing list archives
Re: ISA Server and SQL Injection
From: "Bogdan Tomchuk" <bogdan.tomchuk () polytechnique fr>
Date: Wed, 16 Feb 2005 18:34:34 +0100
I'm not sure any firewall would stop a SQL Injection attack.Web application firewall can do this. They filter http content.
No, they cannot do it either. Problem is the same: By seeing URL you have no reliable way to say which parameter will be used in SQL query and how (with/without transformation). Only application knew it.
Current thread:
- ISA Server and SQL Injection Rafael San Miguel (Feb 14)
- Re: ISA Server and SQL Injection Tim Hoolihan (Feb 17)
- <Possible follow-ups>
- RE: ISA Server and SQL Injection John Steer (Feb 15)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 16)
- Re: ISA Server and SQL Injection Bogdan Tomchuk (Feb 16)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 17)
- Re: ISA Server and SQL Injection Bogdan Tomchuk (Feb 17)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 17)
- RE: ISA Server and SQL Injection Marty Block (Feb 19)
- Re: ISA Server and SQL Injection Matthieu Estrade (Feb 16)
- Re: ISA Server and SQL Injection fantomas (Feb 28)
- Re: ISA Server and SQL Injection Darren Bounds (Feb 16)