SQL injection

josephium
Level 1

Hi, in the Cisco IPS there are only 2 signatures that detect SQL in HTTP requests, checking a certain select ... from statement, but there are a lot more SQL injection techniques using the Drop or the insert, checking also the (') ... Why are there not many more signatures about SQL injection? What is the best way to do them manually?

Thank you

1 Reply

mhellman
Level 7

The Cisco sigs are just too generic and trigger on regular HTML all the time. You might think about creating rules that look for the typical tests that an attacker (or pen tester) would use to find SQL injection vulns. i.e. the precursor to the actual SELECT,INSERT,DROP,WHATEVER.

http://ha.ckers.org/sqlinjection/
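
A sketch of the approach suggested in the reply above, added here as an example and not part of the original thread or of any Cisco signature set: it matches probe-style precursors in decoded query parameter values instead of SQL keywords anywhere in the request. The rule names, regexes and sample request lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical precursor rules (assumptions for illustration, not Cisco IPS signatures).
RULES = [
    # Value that is otherwise plain but ends in a stray quote, e.g. id=42'
    ("dangling-quote", re.compile(r"^[\w\s.-]*['\"]$")),
    # Boolean test comparing a token to itself, e.g. or 1=1 / or 'a'='a'
    ("tautology", re.compile(r"(?i)\b(?:or|and)\b\s+['\"]?(\w+)['\"]?\s*=\s*['\"]?\1\b")),
    # A quote followed by a trailing SQL comment marker, e.g. admin'--
    ("quote-then-comment", re.compile(r"['\"].*(?:--|#|/\*)\s*$")),
]

def scan_request(request_line):
    """Return sorted (parameter, rule) pairs for decoded query values that match a rule."""
    target = request_line.split()[1]  # "METHOD target VERSION"
    hits = set()
    # parse_qsl URL-decodes once, so %27 is seen as a quote and + as a space.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for rule, pattern in RULES:
            if pattern.search(value):
                hits.add((name, rule))
    return sorted(hits)

# Constructed sample request lines (not taken from real traffic).
SAMPLES = [
    "GET /catalog?q=select+a+colour+from+the+list HTTP/1.1",  # ordinary text
    "GET /item?id=42%27 HTTP/1.1",
    "GET /item?id=42+or+1%3D1 HTTP/1.1",
    "GET /login?user=admin%27--+ HTTP/1.1",
    "GET /staff?name=O%27Brien HTTP/1.1",                      # legitimate apostrophe
]

def scan_all(lines=SAMPLES):
    """Map each request line to its list of findings."""
    return {line: scan_request(line) for line in lines}

if __name__ == "__main__":
    for line, hits in scan_all().items():
        print(hits or "clean", "<-", line)
```

The first and last samples come back clean, which is the point of matching on probe shape inside parameter values: ordinary text containing "select ... from" and names with an apostrophe do not fire.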
