Re: [fw-wiz] Protocol inspection



Is this a reasonable path to go down, or is there more functionality in vendor responses to and protection against SQL injection?

The best (and cheapest) way to address this issue is to implement proper
input handling in your web apps. Even if it's a third-party's code, you
should work with them to fix as many of these vulnerabilities as possible.

Depending on what systems you have sitting out in front of your web apps and
how sophisticated you can get with content rules, there are some general
ways to prevent SQL injection attacks. They almost all rely on a similar
subset of characters in order to open or close the injection attack. The
biggest headache is building filters around all of the possible encoding
options for these characters. For example:

' is the same as %27 is the same as ' to the web server, but they're
very different in-path.

I guess the bottom line is that if you have to choose one, fix the app. If
you can do both, do both. And if you can only secure your web apps with
in-line proxies and IPS rules, then set the expectation with your business
that they're going to get pwned again.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
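The encoding problem PaulM describes, shown in code as an added example that is not part of the original thread: a naive in-path filter that inspects the raw request string misses `%27` and HTML-entity forms of the quote, a canonicalizing filter catches them, and the app-side fix (a parameterized query) treats quotes as data. The table, names and sample inputs are constructed for the demo.

```python
import html
import sqlite3
import urllib.parse

# Characters a simple in-path rule might key on to spot an injection attempt.
SUSPICIOUS = ("'", '"', ";", "--")


def naive_filter(raw: str) -> bool:
    """In-path filter that inspects only the raw request bytes.
    Returns True when the value would be blocked. Misses encoded forms."""
    return any(tok in raw for tok in SUSPICIOUS)


def canonicalize(raw: str) -> str:
    """Reduce the value to what the web server will eventually see:
    bounded repeated percent-decoding (handles double encoding), then
    HTML entity decoding (handles &#39; / &apos; style forms)."""
    value = raw
    for _ in range(3):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return html.unescape(value)


def canonical_filter(raw: str) -> bool:
    """Same rule as naive_filter, applied after canonicalization."""
    return naive_filter(canonicalize(raw))


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the web app's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("o'brien",)])
    return conn


def lookup_user(conn: sqlite3.Connection, username: str) -> list:
    """The app-side fix: a parameterized query. A quote in the input is
    just part of the string being matched, never part of the SQL."""
    cur = conn.execute("SELECT id, name FROM users WHERE name = ?", (username,))
    return cur.fetchall()
```

Note that the legitimate name `o'brien` is blocked by both filters but handled correctly by the parameterized query, which is the point of fixing the app rather than relying on in-line rules alone.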
