Surviving the Week – 04/20/2012

Using Reverse Proxies To Secure Databases

This study presents a novel technique for protecting against SQL Injection. However, it is not a foolproof solution, and maintaining and updating the queries this method depends on becomes cumbersome and difficult to manage. As this study confirms, generic web application firewall rules do not provide protection against SQL injection. You need to find the root cause and either fix the code programmatically or deploy custom rules that address the specific vulnerability. NTOSpider can help you find vulnerabilities, and NTODefend can help you generate rules as a mitigation strategy until the code can be updated.
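As an added illustration (not code from the study or from this post), here is a toy version of the two approaches the item contrasts: a reverse-proxy-style allow-list that compares the shape of each query against the shapes the application shipped with, beside the root-cause fix using parameterized queries. The table, queries and inputs are constructed for the example.

```python
import re
import sqlite3

# Normalise a SQL statement into a "shape": string and numeric literals become
# "?" so the proxy compares structure rather than values (constructed logic,
# not the study's actual proxy).
def query_shape(sql: str) -> str:
    shape = re.sub(r"'(?:[^']|'')*'", "?", sql)       # quoted strings
    shape = re.sub(r"\b\d+(?:\.\d+)?\b", "?", shape)  # numeric literals
    return " ".join(shape.split()).lower()

# Shapes the proxy was configured with when the application shipped.
ALLOWED_SHAPES = {
    query_shape("SELECT id, name FROM users WHERE name = 'x'"),
}

def proxy_allows(sql: str) -> bool:
    return query_shape(sql) in ALLOWED_SHAPES

def build_query_unsafe(name: str) -> str:
    # The vulnerable concatenation pattern the proxy is compensating for.
    return f"SELECT id, name FROM users WHERE name = '{name}'"

def lookup_parameterized(conn, name):
    # Root-cause fix: the value is bound, never spliced into the SQL text.
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    injected = "x' OR '1'='1"   # classic tautology input, constructed
    return {
        # Proxy: benign value keeps the shipped shape, injection changes it.
        "benign_allowed": proxy_allows(build_query_unsafe("alice")),
        "injected_allowed": proxy_allows(build_query_unsafe(injected)),
        # A legitimate query added in the next release is also blocked until
        # someone updates the allow-list: the maintenance burden noted above.
        "new_feature_allowed": proxy_allows("SELECT id FROM users WHERE id = 2"),
        # Parameterized query: the injected string is just a name that matches nothing.
        "param_rows_injected": lookup_parameterized(conn, injected),
        "param_rows_alice": lookup_parameterized(conn, "alice"),
    }
```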

Oracle Enterprise Manager – 2 SQLi Vulnerabilities

Two SQLi vulnerabilities were closed with April's Critical Patch Update. Both are remotely exploitable but rated medium risk. The first affected the Search page, and 8 months passed from vendor notification to patch release. The second, which affected the Compare Wizard first Config page, took over 2 years between notification and patch. As much as we talk about SQLi, that vector doesn't go away.

About Dan Kuykendall