Firewall Wizards mailing list archives
Re: preventing XSS and SQL injection?
From: David Thiel <lx () redundancy redundancy org>
Date: Thu, 2 Jun 2005 14:17:16 -0700
On Thu, Jun 02, 2005 at 05:08:19PM +0400, ArkanoiD wrote:
Are there any hints on preventing cross-site scripting attacks and SQL injection on proxy firewall by, say, applying some regexps on url data?
There are several Snort rules which have regexes for detecting XSS and SQL injection. You could either use a Snort or similar box inline, or adapt them to your own proxy. Most snort XSS/SQL injection sigs are for specific attacks, but some people have taken a crack at making more generic rules: http://www.nii.co.in/research/snort.html#sqlinj _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- preventing XSS and SQL injection? ArkanoiD (Jun 02)
- Re: preventing XSS and SQL injection? Marcus J. Ranum (Jun 02)
- Re: preventing XSS and SQL injection? ArkanoiD (Jun 02)
- Re: preventing XSS and SQL injection? Marcus J. Ranum (Jun 02)
- Re: preventing XSS and SQL injection? ArkanoiD (Jun 02)
- Re: preventing XSS and SQL injection? David Thiel (Jun 02)
- Re: preventing XSS and SQL injection? Devdas Bhagat (Jun 02)
- <Possible follow-ups>
- Re: preventing XSS and SQL injection? J. Oquendo (Jun 02)
- Re: preventing XSS and SQL injection? ArkanoiD (Jun 02)
- RE: preventing XSS and SQL injection? Behm, Jeffrey L. (Jun 02)
- Re: preventing XSS and SQL injection? J. Oquendo (Jun 02)
- Re: preventing XSS and SQL injection? ArkanoiD (Jun 02)
- Re: preventing XSS and SQL injection? Marcus J. Ranum (Jun 02)