I have a question, that is hopefully approriate for
this list, related to application inspection (whatever
the vendors call it now).

We recently had some problems with SQL injection, and
I have been asked to look at whether our equipment can
stop the attacks. My knowledge about the attack is
that there isn't a generic way to block the traffic,
since a firewall can't differentiate between valid
post data (to a forum, for example) vs one that is an
attempt to use injection.

If this is the case, any vendor's protection will just
amount to responses to know attacks, and I could just
as easily create a filter on my own that stops some
portion of attacks (since I know better what data my
webservers expect).

Is this a reasonable path to go down, or is there more
functionality in vendor responses to and protection
against SQL injection?


__________________________________________________ __________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsea...egory=shopping
firewall-wizards mailing list