Preventing Injection attacks
Message
From: 25/08/2008 11:02:18, Naomi Nosonovsky, Wisconsin, United States
To: 22/08/2008 17:29:54, Tc Holzer, Isle of Man
General information
Forum: Microsoft SQL Server
Category: Other
Title: Re: Preventing Injection attacks
Environment versions
SQL Server: SQL Server 2005
Miscellaneous
Thread ID: 01341172
Message ID: 01341519
Views: 15
In the meantime the site was attacked again. I'm waiting for my colleagues to come and clean the database again.
>You're welcome :)
>
>>Wow, this will take me a while to go through. Thanks for doing this research for me.
>>
>>>>Hi everybody,
>>>>
>>>>I'm thinking that instead of trying to intercept every request we may try to use UPDATE/INSERT triggers for every table and reject entries containing < script >. Does it sound like a better approach?
>>>>
>>>>What do you think?
>>>>
>>>>Thanks in advance.
>>>
>>>I think it would make sense to research it fully. Here's a few to get you started:
>>>
>>>http://www1.cs.columbia.edu/~angelos/Papers/sqlrand.pdf
>>>http://www.securiteam.com/securityreviews/5DP0N1P76E.html
>>>http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
>>>http://msdn.microsoft.com/en-us/library/bb355989.aspx
>>>http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx
>>>http://www.colinmackay.net/tabid/57/Default.aspx
>>>http://msdn.microsoft.com/en-us/library/aa224806.aspx
>>>
>>>There are some appliances and tools like WatchFire AppScan, Applicure's DotDefender, or eEye's REM Security Management Appliance. Most are cost prohibitive though.
>>>
>>>One thing you can do though is download the trialware of some checking tools so you use it as a test to check for vulnerabilities....
>>>
>>>http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners
If it's not broken, fix it until it is.
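
The trigger idea raised in the quoted question, sketched for SQL Server 2005 as an added example that is not part of the original posts. The table, trigger and column names are hypothetical, and the sample values are constructed. The trigger is shown beside a parameterized write, since a pattern filter on stored data only catches the literal form it looks for and leaves the injectable query itself unchanged.

```sql
-- Hypothetical table; every name in this script is an illustrative assumption.
CREATE TABLE dbo.Comments (
    CommentId INT IDENTITY(1,1) PRIMARY KEY,
    Author    NVARCHAR(100) NOT NULL,
    Body      NVARCHAR(MAX) NOT NULL
);
GO

-- Backstop: undo any INSERT/UPDATE whose new rows contain a script tag.
-- Whether LIKE matches "<SCRIPT" as well depends on the column collation.
CREATE TRIGGER dbo.trg_Comments_RejectScript
ON dbo.Comments
AFTER INSERT, UPDATE
AS
BEGIN
    SET NOCOUNT ON;
    IF EXISTS (SELECT 1 FROM inserted
               WHERE Body LIKE '%<script%' OR Author LIKE '%<script%')
    BEGIN
        ROLLBACK TRANSACTION;  -- discard the offending write
        RAISERROR('Write rejected: script markup in dbo.Comments.', 16, 1);
        RETURN;
    END
END;
GO

-- The injection fix itself: values travel as parameters, so user input
-- is never concatenated into the statement text.
DECLARE @author NVARCHAR(100), @body NVARCHAR(MAX);
SET @author = N'constructed sample author';
SET @body   = N'constructed sample text with a quote '' in it';

EXEC sp_executesql
    N'INSERT INTO dbo.Comments (Author, Body) VALUES (@a, @b);',
    N'@a NVARCHAR(100), @b NVARCHAR(MAX)',
    @a = @author, @b = @body;
GO

-- Constructed test row to exercise the trigger; the error is surfaced in CATCH.
BEGIN TRY
    INSERT INTO dbo.Comments (Author, Body)
    VALUES (N'test', N'hello <script>placeholder</script>');
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;
```

A trigger like this has to be created on every table that stores user-supplied text, and a legitimate row containing the same characters is rejected as well.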