Preventing SQL Injection attacks with Web Application Firewalls
Posted Thursday, November 20, 2008 9:04 PM by hwaldron
Using UrlScan v3.0, either in standalone mode or through the built-in facility within IIS, can help mitigate these attacks until web applications are strengthened to properly validate their inputs against SQL injection. There are also some good non-Microsoft filtering systems that can help block these automated attacks.
Large quantity SQL Injection mitigation
http://isc.sans.org/diary.html?storyid=5381
As botnets and other automated tools are hammering at websites trying to exploit SQL injection vulnerabilities, site operators are trying hard to defend their websites. ASProx and other botnets were hitting hard at the ASP + MS SQL platform; millions of websites have already fallen victim to SQL injection vulnerabilities. Although there has been a decline in wild SQL scanning by ASProx-type botnets, we are still not in the clear yet. The unauthenticated portion of some sites might be secure, but the authenticated portion might be totally vulnerable.
A short-term remediation for SQL injection can be a web application firewall. A web application firewall (WAF) is similar to a network firewall except that it also inspects application-layer information, such as cookies, form fields and HTTP headers. With Microsoft IIS as the web server, one of the quickest and easiest WAF solutions may be Microsoft's UrlScan; it is an add-on to IIS 5 and built in for later versions of IIS. UrlScan runs as an ISAPI filter, so it can be easily deployed and removed.
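As an added illustration (not part of this post or the ISC diary), here is a minimal UrlScan 3.0 rule that rejects requests whose query string carries common SQL injection fragments. The key names follow UrlScan 3.0's rule format; the rule name, the extension list and the deny strings are my own choices, so treat them as a starting point rather than a vetted list.

```ini
[Options]
; Only the key relevant to custom rules is shown here.
; UrlScan 3.0 evaluates every rule named in RuleList on each request.
RuleList=SQL Injection

[SQL Injection]
; Hypothetical rule name. Apply it to dynamic ASP/ASP.NET pages only.
AppliesTo=.asp,.aspx
; The deny strings for this rule live in the section named here.
DenyDataSection=SQL Injection Strings
; Inspect the URL-decoded query string, not the URL path or headers.
ScanUrl=0
ScanAllRaw=0
ScanQueryString=1
ScanHeaders=

[SQL Injection Strings]
; A request is rejected if its query string contains any of these
; substrings. A semicolon starts an ini comment, so the semicolon
; itself has to be written percent-encoded.
--
%3b
/*
@
xp_
declare
exec
cast
```

UrlScan compares these as case-insensitive substrings of the decoded query string, so a legitimate value such as "broadcast" trips the "cast" entry, and the filter never sees POST bodies, so form-field injection is not covered; both are reasons the diary calls this a short-term measure rather than a fix.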