Welcome to ISAserver.org

can ISA 2006 filter for SQL Injection?

can ISA 2006 filter for SQL Injection? - 28.Nov.2006 12:43:30 AM
roys99

 

Posts: 15
Joined: 28.Feb.2006
Status: offline
hi,

We have several older sites that we publish on our ISA 2006 cluster.

They have an SQL backend and pen testing shows them to be open to SQL injection.

The code is old and repairing it is not an immediate option.

Is there anything I can do with ISA 2006 to minimize this?

I posted this here - pls let me know if should be elsewhere

Thank you
Roy

_____________________________

Thank you,
Roy
Post #: 1
RE: can ISA 2006 filter for SQL Injection? - 3.Jan.2007 10:38:15 AM
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
You can block strings involved with injection, but fixing your code is a better solution.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to roys99)
Post #: 2
RE: can ISA 2006 filter for SQL Injection? - 4.Jan.2007 12:41:12 AM
roys99

 

Posts: 15
Joined: 28.Feb.2006
Status: offline
Hi Tom

Thank you for this answer.

The problem is that these are older sites and we simply cannot open their code.

Can you pls provide me some leads as to how to build such a filter - or purchase one?

Thank you,
Roy

_____________________________

Thank you,
Roy

(in reply to tshinder)
Post #: 3
RE: can ISA 2006 filter for SQL Injection? - 6.Jul.2008 9:29:54 PM
dbellion

 

Posts: 5
Joined: 16.Jun.2006
Status: offline
my response here might help
http://forums.isaserver.org/m_2002069616/mpage_1/key_/tm.htm#2002069759
but as Tom suggests, best to address code / app vulnerabilities and the firewall adds another layer of protection rather than the only layer when possible

(in reply to roys99)
Post #: 4
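
The approach suggested in the replies above, blocking request strings associated with SQL injection at the proxy, modeled as a standalone check over query-string parameters. This is an added example, not ISA Server configuration and not code from any poster; the signature patterns, function names, paths and parameters are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed signatures for illustration; not an ISA Server rule set.
SIGNATURES = {
    "quote-tautology": re.compile(r"'\s*or\s+'?\w+'?\s*=", re.I),
    "union-select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
}

def normalize(value, max_rounds=3):
    """Percent-decode until stable so encoded values are matched in clear form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(url):
    """Return sorted (parameter, signature) pairs found in the URL's query string."""
    hits = set()
    # parse_qsl already decodes once; normalize() handles any further layers.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        clear = normalize(value)
        for label, pattern in SIGNATURES.items():
            if pattern.search(clear):
                hits.add((name, label))
    return sorted(hits)

def decide(url):
    """Deny the request if any parameter matches a signature."""
    return "deny" if inspect(url) else "allow"

# Constructed sample requests (hypothetical paths and parameters).
SAMPLES = [
    "/products.asp?id=42",
    "/products.asp?id=42%27%20OR%20%271%27%3D%271",
    "/products.asp?id=1%2520UNION%2520SELECT%2520name%2520FROM%2520users",
    "/search.asp?q=student+union+select+committee",  # legitimate text, still matched
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(decide(url), inspect(url), url)
```

The last sample shows the cost of string matching: ordinary search text is denied, which is one reason the replies treat filtering as an extra layer rather than a replacement for fixing the application.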
