A lot of "hardware" firewall sales guys like to make a point of claiming that their product protects against SQL injection attacks. But as with many sales pitches, you may be hearing a half-truth, if that much. Jim Harrison recently commented on this unfortunate state of affairs:
"Your customer (like so many others) needs to understand that while ISA and IAG can help mitigate specific SQL attacks, any product rep touting "protection from SQL injection" as an absolute fact is a liar; pure and simple.
SQL injection as an attack class is very nearly infinite in presentation. The proper answer is to follow web-app SQL usage best practices so as to prevent them where the attacks are mounted; within the application code itself. Of course, the standard customer response is "I need something to protect me while we fix these things", which inevitably turns out to be never, because they are now "protected".
ISA can carry specific attack filters in the HTTP filter settings for each HTTP-related rule (if the web proxy filter is bound to the protocol), and IAG can apply regular expression matching (quite a lot stronger), but both of these require specific knowledge of the SQL attack method and the web application logic that allows the attack."
So, as always, caveat emptor -- do your research before paying for overpriced and underperforming "hardware" solutions.
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
MVP — Forefront Edge Security (ISA/TMG/IAG)