Re: [fw-wiz] preventing XSS and SQL injection?
From: David Thiel (lx_at_redundancy.redundancy.org)
Date: 06/02/05
- Previous message: Chuck Swiger: "Re: [fw-wiz] Is NAT in OpenBSD PF UPnP enabled or Non UPnP?"
- In reply to: ArkanoiD: "[fw-wiz] preventing XSS and SQL injection?"
- Next in thread: Devdas Bhagat: "Re: [fw-wiz] preventing XSS and SQL injection?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Thu, 2 Jun 2005 14:17:16 -0700
On Thu, Jun 02, 2005 at 05:08:19PM +0400, ArkanoiD wrote:
> Are there any hints on preventing cross-site scripting attacks and
> SQL injection on proxy firewall by, say, applying some regexps on url data?
There are several Snort rules which have regexes for detecting XSS and
SQL injection. You could either use a Snort or similar box inline, or
adapt them to your own proxy.
Most snort XSS/SQL injection sigs are for specific attacks, but some
people have taken a crack at making more generic rules:
http://www.nii.co.in/research/snort.html#sqlinj
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Chuck Swiger: "Re: [fw-wiz] Is NAT in OpenBSD PF UPnP enabled or Non UPnP?"
- In reply to: ArkanoiD: "[fw-wiz] preventing XSS and SQL injection?"
- Next in thread: Devdas Bhagat: "Re: [fw-wiz] preventing XSS and SQL injection?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
