Re: SQL injection

From: James Riden (j.riden@massey.ac.nz)
Date: Thu Jun 09 2005 - 23:01:14 EDT

• Next message: Leandro Reox: "RE: SQL injection"
• Previous message: Tim: "Re: SQL injection"
• In reply to: Tim: "Re: SQL injection"
• Next in thread: Leandro Reox: "RE: SQL injection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tim <tim-pentest@sentinelchicken.org> writes:

> I am sure many IPS/IDSes are great for stopping a lot of attacks. I
> find it incredibly hard to believe that they stop all. It is far better
> to write good code in the first place.

Definitely true.
 
> To those people out there who recommended this or that IPS/IDS:
> Have you tested these against real attacks?

Yes, I've caught real attacks using snort with the bleeding rules. As
you say, perhaps only the obvious ones though ("xp_cmdshell").

-- 
James Riden / j.riden@massey.ac.nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.

• Next message: Leandro Reox: "RE: SQL injection"
• Previous message: Tim: "Re: SQL injection"
• In reply to: Tim: "Re: SQL injection"
• Next in thread: Leandro Reox: "RE: SQL injection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:24 EDT