Re: [fw-wiz] Protocol inspection



On Fri, Mar 28, 2008 at 12:57 PM, Josh <usenetspamtrap@xxxxxxxxx> wrote:

Is this a reasonable path to go down, or is there more
functionality in vendor responses to and protection
against SQL injection?


I'm not an expert, on this list especially, but it seems to me that
the firewall is the wrong place to look in regards to stopping SQL
Injection attacks. The better place would be the coding that allows
for such attacks.

I'm also not aware of "known vulnerabilities" in regards to SQL
Injection - thinking that it's more of a per-app kind of thing. Unless,
of course, there's a package out there that, by default, is
vulnerable.

If my thinking is in error, please tell me. I'd like more info myself.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


