>Hi everybody,
>
>I'm thinking that instead of trying to intercept every request we may try to use UPDATE/INSERT triggers for every table and reject entries containing < script >. Does it sound like a better approach?
>
>What do you think?
>
>Thanks in advance.
I think it would make sense to research it fully. Here's a few to get you started:
There are some appliances and tools like WatchFire AppScan, Applicure's DotDefender, or eEye's REM Security Management Appliance. Most are cost prohibitive though.
One thing you can do though is download the trialware of some checking tools so you use it as a test to check for vulnerabilities....
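Added example, not part of either post above: a sketch of the trigger idea from the quoted question, generating BEFORE INSERT/UPDATE triggers for every text column of every table and checking that matching writes are refused. It assumes SQLite (in-memory), a `<script` substring pattern, and constructed tables and rows; the function names are hypothetical.

```python
import sqlite3

# Assumed pattern. SQLite's LIKE is case-insensitive for ASCII,
# so "<SCRIPT" matches as well as "<script".
PATTERN = "%<script%"

def install_script_triggers(conn):
    """Create reject triggers on every text column of every user table."""
    created = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')
                if "CHAR" in r[2].upper() or "TEXT" in r[2].upper()]
        if not cols:
            continue
        cond = " OR ".join(f"NEW.\"{c}\" LIKE '{PATTERN}'" for c in cols)
        for event in ("INSERT", "UPDATE"):
            name = f"reject_script_{table}_{event.lower()}"
            conn.execute(
                f'CREATE TRIGGER "{name}" BEFORE {event} ON "{table}" '
                f"FOR EACH ROW WHEN {cond} "
                "BEGIN SELECT RAISE(ABORT, 'script tag rejected'); END")
            created.append(name)
    return created

def try_write(conn, sql, params=()):
    """Run a write; True if it was stored, False if a trigger aborted it."""
    try:
        conn.execute(sql, params)
        return True
    except sqlite3.DatabaseError:
        return False

def demo():
    """Constructed schema and rows, used only to exercise the triggers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, bio VARCHAR(200))")
    created = install_script_triggers(conn)
    results = {
        "clean_insert": try_write(conn, "INSERT INTO comments VALUES (1, ?)", ("hello",)),
        "tag_insert": try_write(conn, "INSERT INTO comments VALUES (2, ?)", ("<SCRIPT>x",)),
        "tag_update": try_write(conn, "UPDATE comments SET body = ? WHERE id = 1", ("a<script>b",)),
        "other_table": try_write(conn, "INSERT INTO profiles VALUES (1, ?)", ("<script src=x>",)),
    }
    stored = [r[0] for r in conn.execute("SELECT body FROM comments ORDER BY id")]
    return created, results, stored
```
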