RE: SQL Injection monitoring/protection tools

  • From: "Mark W. Farnham" <mwf@xxxxxxxx>
  • To: <nupendra@xxxxxxxxxxx>, "'Oracle-L'" <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 21 Mar 2017 08:42:19 -0400

Protection protocol:

Read Bryn Llewellyn's paper on writing PL/SQL correctly to prevent
injection.

Follow Bryn's rules for things that are allowed to attach to your database.

Overly simple: perhaps. Effective? Definitely.

Allow folks to bend Bryn's rules? Then you have entered the np incomplete
problem space of intrusion detection. Good luck.

mwf

From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Upendra nerilla
Sent: Monday, March 20, 2017 11:06 PM
To: Oracle-L
Subject: SQL Injection monitoring/protection tools

Hello everyone - 

I am interested in finding what kind of tools folks are using to defend
against SQL injection type attacks?

I have seen the capabilities of Database Firewall from various documents,
seems to have nice features. 

Have seen the following page listing a few other options:

https://en.wikipedia.org/wiki/Web_application_firewall

Could you please share any feedback on any tools/strategy anyone is using.

Much appreciated

-Upendra 
