Adriel T. Desautels wrote:
If he's looking to stop attacks then he needs to remove the vector
through which he is being attacked. IPS devices do not remove the
vector, they make an attempt to prevent the vector from being
While I support the use of properly configured and maintained IPS
technologies, I'd never recommend using them as a method for
because they are only a method for mitigation. Sure mitigation is
great, but it's not a fix.
With respect to your comment about creating properly designed
parameterized stored procedures, it is not "almost impossible" if you
architect things properly. You might be able to change a variable
a 1 to a 2 which is technically SQL Injection, but it's not usually an
SQL Injection Attack that is of any use. The idea here is to prevent
SQL Injection Attacks not to prevent people from changing variables
should be harmless right?
On Dec 16, 2008, at 8:32 AM, ArcSighter Elite wrote:
what Adriel meant was PROPERLY DESIGNED Parameterized Stored
I totally agree with him.
Providing a short time solution is a good idea but you have to
job properly which in the case of a pen-tester would be report and
with a viable (permanent) solution.
I also agree partially with Sam, especially Windows systems, after
is a MUCH BETTER idea to rebuild it improving the security of
Well, PROPERLY DESIGNED of course is almost impossible, but you think
this is the case? I repeat myself: he's wishing to stop the
of course I think/hope he'll take the appropriate measures then.
wouldn't be able to fix anything if he is constantly under attack.
sure, Linux is the best solution, even a win port of apache will do
better than IIS, again IMHO. Again, SQL injection could result in a
compromise, so re-deploying would be the optimal form: ex. instead of
finding rootkits, install clean.
Adriel T. Desautels
ad_lists () netragard com
Sorry, we got a little communication problem here. I mean PROPERLY
DESIGNED queries are almost impossible to SQL-inject, my bad if you
misunderstood me. I'm sure you can't trust IDS: I already said it
funny way: "they will only stop script-kiddies"; but he must truly
"mitigate" the attack as you said, before taking other long-term
measures. The IDS will also mitigate other attack vectors that may
expose vulnerabilities in his web-app, that may be vulnerable to other
web-based attacks, I already said, XSS, Sessions, Includes, Injections
(LDAP/SQL, etc), and the like.
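Added example, not part of the thread: the difference the posters are arguing about, shown with the same lookup built by string concatenation and with a bound parameter. It uses Python's sqlite3 and a plain parameterized query as a stand-in for the parameterized stored procedures discussed; the table, the data and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; nothing here comes from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "router"), (2, "bob", "switch"), (3, "carol", "firewall")],
    )
    return db


def lookup_concatenated(db, order_id):
    # Weak form: the request value becomes part of the SQL text, so the
    # database parses whatever the client sent as SQL.
    return db.execute("SELECT id, item FROM orders WHERE id = " + order_id).fetchall()


def lookup_parameterized(db, order_id):
    # Corrected form: the SQL text is fixed and the value is bound as data.
    # A value that is not an order id simply matches no row.
    return db.execute("SELECT id, item FROM orders WHERE id = ?", (order_id,)).fetchall()


def compare(db, order_id):
    # Row counts returned by each form for the same request value.
    return (len(lookup_concatenated(db, order_id)),
            len(lookup_parameterized(db, order_id)))


if __name__ == "__main__":
    db = make_db()
    # "1" and "2" are ordinary ids; the third value is a constructed
    # non-numeric request value that changes the WHERE clause only when
    # it is concatenated into the statement.
    for value in ("1", "2", "1 OR 1=1"):
        print(repr(value), compare(db, value))
```

With the bound parameter, the only thing a client can still do is ask for a different id (the "1 to a 2" case in the thread), which is a matter for an ownership check in the query or application rather than for query construction.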