Article Announcement: Detection of SQL Injection and Cross-site Scripting Attacks

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 03/17/04

    Date: Wed, 17 Mar 2004 10:05:55 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    Detection of SQL Injection and Cross-site Scripting Attacks
    By K. K. Mookhey and Nilesh Burghate Mar 17, 2004

    This article discusses techniques to detect SQL Injection and Cross Site
    Scripting (CSS) attacks against your networks using regular expressions
    with the open-source IDS, Snort.

    http://www.securityfocus.com/infocus/1768

    Marc Fossi
    Symantec Corp.
    www.symantec.com


