Mitigating SQL Injection Attacks

In a blog post earlier this week (http://blogs.isaserver.org/shinder/2008/10/08/can-firewalls-protect-against-sql-injection-beware-the-hardware-firewall-sales-guy-scam/), I mentioned that the real fix for SQL injection attacks is to fix the code, not to put a Band-Aid in front of the broken application and hope you get lucky. As Jim Harrison mentioned, firewall vendors who claim to block SQL injection attacks are likely feeding you something you shouldn’t be eating 🙂

However, Yuri Diogenes points out that there might be some things we can do to provide a best-effort, due-diligence solution to protect against broken applications that are susceptible to SQL injection.

Check out Yuri’s blog post at http://blogs.technet.com/edgeaccessblog/archive/2008/09/19/how-iag-2007-can-mitigate-sql-injection-attacks-demo-scenario.aspx for details on how you can use IAG 2007 to help protect against SQL injection attacks.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com

MVP — Forefront Edge Security (ISA/TMG/IAG)
