Penetration Testing mailing list archives
Re: SQL injection
From: Richard Barrell <rbarrell () sentryware com>
Date: Thu, 9 Jun 2005 18:35:52 +0200
Hi Faisal, There are dedicated devices that are designed to prevent attacks of this sort - web application firewalls. Here are a list of manufacturers that you should look into: (in alphabetical order) Imperva - www.imperva.com/ Kavado - www.imperva.com/ Netcontinuum - www.netcontinuum.com/ Teros - www.teros.com/ Watchfire (Sanctum) - www.watchfire.com AND, if you'll forgive the plug, Sentryware: www.sentryware.com Good luck in your search, Rich ----------------- FK> Pardon the ignorance, but is there any hardware/software based device that FK> can outright prevent/mitigate (detect?) SQL injections? Would an IDS be FK> able to prevent this? --------------------- Richard Barrell, CCNP, CCDP International Pre-Sales Manager www.sentryware.com Parque Empresarial Zuatzu Edificio Urgull, 2ª local 10 20018 Donostia-San Sebastián Spain Tel: +34 943 31 73 30 Mvl: +34 646 97 10 18 Skype: mr_barrell
Current thread:
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services, (continued)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Tomasz Piotr Palarz (Jun 09)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Hugo Vinicius Garcia Razera (Jun 10)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Geoff Varosky (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services mike king (Jun 07)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Erik Pace Birkholz (Jun 09)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services DUBRAWSKY, IDO (CALLISMA) (Jun 09)
- Message not available
- SQL injection Faisal Khan (Jun 09)
- Re: SQL injection Joel Esler (Jun 09)
- Re: SQL injection ilaiy (Jun 09)
- Re: SQL injection Christian Martorella (Jun 09)
- Re: SQL injection Richard Barrell (Jun 09)
- Re: SQL injection Faisal Khan (Jun 09)
- Re: SQL injection Matt Davis (Jun 09)
- Message not available
- RE: SQL injection Aric Perminter (Jun 09)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Tomasz Piotr Palarz (Jun 09)