SQL Injection coverage
Posted March 31st, 2010 by caar2000
Guys
What is the coverage in terms of signatures that GreenSQL can identify?
I know that is not a qualitative analysis, but I would like to have a basic idea of the coverage based on signatures, and whether the other methods for detection/prevention can increase the coverage in a certain way.
Let's say with just the IDS signatures GreenSQL can cover 100 attacks plus in a certain way (I know, I know it is subjective and related to each app, but let's try to do the exercise); plus heuristic and PHPIDS we can cover 150 attacks, for example.
How can we rate the protection in numbers?
Regards
Carlos
G
Comments
Hello Carlos
GreenSQL depends much less on signatures than PHPIDS does.
We have some signatures to detect admin commands mostly.
We have developed our own algorithm that detects SQL injections, which works in a different way than PHPIDS does. Take a look at this document: http://www.greensql.net/about
To sum up all the above, you cannot count application based only on a number of signatures.
In addition, PHPIDS is used as a PHP plug-in that analyzes requests submitted to PHP scripts, while GreenSQL can listen on all SQL requests going to your database.
Best regards,
Yuli