On 02/04/2011 12:39 PM, tanishk lakhaani wrote:
> Well, I think that deploying active response can be a good way out to
> prevent SQL Injection based attacks. However, there may be a few issues
> related to it, viz. decoders in ossec are designed to indicate a SQL
> Injection attack even in case SELECT/UNION or any other SQL Based command
> is used in the Request. This may be a bit of hindrance, as it may be
> that the legitimate traffic is being blocked.
>
> I have already deployed Active Response in testing Environment, and post
> deployment, launched a NESSUS Scan, and to my surprise, Active Response
> turned out to be fantastic to prevent SQL Injection based attacks.
>
> Regards
> Tanishk
>
> On Fri, Feb 4, 2011 at 12:12 AM, Steven Stern
> <subscribed-li...@sterndata.com>
> wrote:
>
> On 02/03/2011 12:00 PM, satish patel wrote:
> > How efficient is OSSEC to stop SQL injection? If not then I have to
> > move on mod_security
> >
> > Is anybody out there who is using ossec for sql injection?
> >
> >
> > Thanks,
> > S
> It's very good at detecting SQL injection, but your code shouldn't
> (<smile>) be susceptible to it. mod_security has its own issues with
> false positives.
>
> --
> -- Steve
>

Unfortunately, the first attack line probably gets through. By the way, mandatory XKCD reference: http://xkcd.com/327/

--
-- Steve
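
The two caveats raised in this thread (keyword matching can flag legitimate requests, and log-driven active response acts only after the first request has been served), shown as an added example that is not part of any message above. The keyword pattern is a simplified assumption, not OSSEC's actual rule, and the log lines are constructed.

```python
import re

# Simplified keyword pattern: an assumption for illustration, not an OSSEC rule.
SQL_KEYWORDS = re.compile(r"select|union|insert|drop", re.IGNORECASE)
# Apache-style access-log line: client IP first, then the quoted request line.
LOG_LINE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<url>\S+)')

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Feb/2011:12:00:01 +0000] "GET /item.php?id=1+UNION+SELECT+name+FROM+users HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/Feb/2011:12:00:02 +0000] "GET /item.php?id=2+UNION+SELECT+pw+FROM+users HTTP/1.1" 200 498',
    '203.0.113.9 - - [04/Feb/2011:12:00:03 +0000] "GET /search.php?q=select+a+union+jack+flag HTTP/1.1" 200 2048',
    '203.0.113.9 - - [04/Feb/2011:12:00:04 +0000] "GET /index.php HTTP/1.1" 200 1024',
]


def replay(lines):
    """Replay log lines through detect-then-block logic.

    Returns (served, dropped): requests the web server handled, and requests
    that would have been dropped because the source was already blocked.
    """
    blocked, served, dropped = set(), [], []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, url = m["ip"], m["url"]
        if ip in blocked:
            dropped.append((ip, url))
            continue
        # A log entry exists only because the server already handled the request.
        served.append((ip, url))
        if SQL_KEYWORDS.search(url):
            blocked.add(ip)  # the block takes effect for later requests only
    return served, dropped


if __name__ == "__main__":
    served, dropped = replay(SAMPLE_LOG)
    print("served: ", served)
    print("dropped:", dropped)
```

The first request from 198.51.100.7 is served before the block applies, and 203.0.113.9 is blocked for an ordinary search whose text happens to contain SQL keywords.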