Re: [fw-wiz] preventing XSS and SQL injection?

From: ArkanoiD (ark_at_eltex.net)
Date: 06/02/05

  • Next message: J. Oquendo: "Re: [fw-wiz] preventing XSS and SQL injection?" 
    To: "J. Oquendo" <sil@infiltrated.net>
Date: Thu, 2 Jun 2005 23:24:09 +0400

    becuase it is too hard to convert history to a formal description. doing it
    not smart enough will lead to necessarity of adding new patterns daily or
    even hourly ;-)

    On Thu, Jun 02, 2005 at 03:36:36PM -0400, J. Oquendo wrote:
    >
    > > It is ok when securing server traffic, but becames extremely difficult
    > > when it comes to client proxy, because there are too many legitimate
    > > traffic patterns to add :-(
    >
    > Why not take a 2 week snapshot of normal traffic patterns then create your
    > ruleset after seeing normal traffic pattern activity.
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    > [ Note: This message contains email list management information ]
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    > J. Oquendo
    > GPG Key ID 0x97B43D89
    > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89
    >
    > To conquer the enemy without resorting to war is the most
    > desirable. The highest form of generalship is to conquer
    > the enemy by strategy." - Sun Tzu
    >
    > email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
    >
    >
    >

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: J. Oquendo: "Re: [fw-wiz] preventing XSS and SQL injection?"
    Loading