From: Leandro Reox (lmet5on@fibertel.com.ar)
Date: Fri Jun 10 2005 - 04:43:50 EDT
Good Point Todd, I think everybody here agree that the first countermeasure
for SqlInjections attack is "Secure Programming". Badcoding will be your
worst enemy at the time when "that kid insert a ' in your login form".
There's no perfect appliance for this kind of attack and maybe hours of
customizing sigs don't worth it. Most of SqlI attackers will give up after
tipyng a fews " ' 'OR 1=1-- , I say most of them, because theres a lot of
good SqlI practicioners out there.
Like Todd says "nothing is 100% secure" so wellcoded web apps + good sigs
based detections + good db diagramming + a lot of conscience makes a nice
combo.
Cheers !
-----Original Message-----
From: Todd Towles [mailto:toddtowles@brookshires.com]
Sent: Friday, June 10, 2005 3:16 AM
To: James Riden; Tim
Cc: pen-test@securityfocus.com
Subject: RE: SQL injection
Well, Sig based detection is that that sig based. So I am sure that new
attacks or old attacks may be able to bypass most IDS/IPS with various
techinques. But no IDS or IPS system is perfect. No firewall or AV is
perfect. We are talking about protection - nothing is 100% secure.
Blocking the basic SQL injection attack is better than nothing at all.
> -----Original Message-----
> From: jriden@it029205.massey.ac.nz
> [mailto:jriden@it029205.massey.ac.nz] On Behalf Of James Riden
> Sent: Thursday, June 09, 2005 10:01 PM
> To: Tim
> Cc: pen-test@securityfocus.com
> Subject: Re: SQL injection
>
> Tim <tim-pentest@sentinelchicken.org> writes:
>
> > I am sure many IPS/IDSes are great for stopping a lot of
> attacks. I
> > find it incredibly hard to believe that they stop all. It is far
> > better to write good code in the first place.
>
> Definitely true.
>
> > To those people out there who recommended this or that IPS/IDS:
> > Have you tested these against real attacks?
>
> Yes, I've caught real attacks using snort with the bleeding
> rules. As you say, perhaps only the obvious ones though
> ("xp_cmdshell").
>
> --
> James Riden / j.riden@massey.ac.nz / Systems Security
> Engineer GPG public key available at:
> http://www.massey.ac.nz/~jriden/ This post does not
> necessarily represent the views of my employer.
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:24 EDT