WebApp Sec mailing list archives
Re: [tool] Guardian () JUMPERZ NET : Rule Database is now available
From: Kanatoko <anvil () jumperz net>
Date: Sun, 12 Sep 2004 00:32:22 +0900
Hello Steven,
For example, the following will be bypassed by the filter *and* will execute. SE/**/LECT * FRO/**/M table;
You are totally right. There are a limitation on detecting SQL injection attacks by using signature based systems. I have read the paper "SQL Injection Signature Evasion" by Imperva.com(1), and agree with it's conclusion, "Signature protection against SQL Injection is simply not enough.". But I also think that simple and generic rules will be some help to detect attacks. Now I research real time log analysis to detect SQL injection attacks because this attack tends to generate a lot of HTTP traffic. Thanks (1)http://www.imperva.com/application_defense_center/white_papers/sql_injection_signatures_evasion.html -- Kanatoko<anvil () jumperz net> http://www.jumperz.net/ irc.friend.td.nu:6667 #ouroboros On Sat, 11 Sep 2004 14:16:58 +0530 <stevenr () mastek com> wrote:
Hi Kanatoko Good work, the rules set is pretty useful. There was one suggestion, with respect to the rules for SQL injection where you are checking for certain SQL keywords. In my experience, these checks for blacklist SQL strings arent always foolproof. For example, the following will be bypassed by the filter *and* will execute. SE/**/LECT * FRO/**/M table; Just thought I would share about this particular type of SQL attack signature. Regards, Steven Rebello Technology Cell, Mastek Limited "This email is printed using 100% recycled electrons." -----Original Message----- From: Kanatoko [mailto:anvil () jumperz net] Sent: Wednesday, September 01, 2004 11:54 AM To: webappsec () securityfocus com Subject: [tool] Guardian () JUMPERZ NET : Rule Database is now available Hi list, Guardian () JUMPERZ NET is an open source web application firewall. It is available at http://guardian.jumperz.net/ Rule database is now avaialbe at: http://guardian.jumperz.net/index.html?i=004 Examples: - x86 NOP sled detection: http://guardian.jumperz.net/index.html?i=006&id=GID4 - NULL detection: http://guardian.jumperz.net/index.html?i=006&id=GID11 - Buffer overflow detection: http://guardian.jumperz.net/index.html?i=006&id=GID9 - Directory(Path) traversal detection: http://guardian.jumperz.net/index.html?i=006&id=GID18 - SQL injection detection: http://guardian.jumperz.net/index.html?i=006&id=GID44 - XSS detection: http://guardian.jumperz.net/index.html?i=006&id=GID38 Thanks Kanatoko<anvil () jumperz net> http://www.jumperz.net/ irc.friend.td.nu:6667 #ouroboros MASTEK "Making a valuable difference" Mastek in NASSCOM's 'India Top 20' Software Service Exporters List. In the US, we're called MAJESCO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Opinions expressed in this e-mail are those of the individual and not that of Mastek Limited, unless specifically indicated to that effect. Mastek Limited does not accept any responsibility or liability for it. This e-mail and attachments (if any) transmitted with it are confidential and/or privileged and solely for the use of the intended person or entity to which it is addressed. Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. This e-mail and its attachments have been scanned for the presence of computer viruses. It is the responsibility of the recipient to run the virus check on e-mails and attachments before opening them. If you have received this e-mail in error, kindly delete this e-mail from all computers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Current thread:
- [tool] Guardian () JUMPERZ NET : Rule Database is now available Kanatoko (Sep 01)
- <Possible follow-ups>
- RE: [tool] Guardian () JUMPERZ NET : Rule Database is now available stevenr (Sep 11)
- Re: [tool] Guardian () JUMPERZ NET : Rule Database is now available Kanatoko (Sep 11)
- RE: [tool] Guardian () JUMPERZ NET : Rule Database is now available Michael Howard (Sep 15)