Slide 42
BLOCK SQL-INJECTION AS A SYSADMIN
This can never be your only defense. It just helps make attacks harder.
You can act on URL patterns
Keywords like CHR(), COALESCE(), CAST(), ...
You can act on HTTP user agents
Keywords like sqlmap, owasp, zod, ...
Install a "Web Application Firewall"
(open source: mod_security in Apache, security.vcl in Varnish, ModSecurity in Nginx, 5G Blacklist, ...)
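As an added example (not code from the slide deck), a small Python request screen in the spirit of these rules: it percent-decodes the URL before matching the slide's function keywords, and checks the user agent for the scanner names the slide lists; the rule names, the bounded double-decoding and the sample requests are this example's own constructions.

```python
import re
from urllib.parse import unquote_plus

# Keyword patterns from the slide: SQL functions that rarely occur in legitimate
# query strings. Matched case-insensitively on the percent-decoded URL, with a
# word boundary so e.g. "broadcast(" does not trip the CAST( rule.
URL_RULES = [
    ("CHR(", re.compile(r"\bCHR\s*\(", re.IGNORECASE)),
    ("COALESCE(", re.compile(r"\bCOALESCE\s*\(", re.IGNORECASE)),
    ("CAST(", re.compile(r"\bCAST\s*\(", re.IGNORECASE)),
]
# User-agent substrings from the slide (tool names), matched case-insensitively.
UA_KEYWORDS = ("sqlmap", "owasp", "zod")

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly (bounded) so a double-encoded "%2528" still
    ends up as "(" before the keyword rules see it."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def screen_request(url, user_agent):
    """Return the rules a request trips ("url:CHR(", "ua:sqlmap", ...).
    An empty list means no rule matched, not that the request is safe."""
    reasons = []
    decoded = decode_fully(url)
    for name, pattern in URL_RULES:
        if pattern.search(decoded):
            reasons.append(f"url:{name}")
    ua = user_agent.lower()
    for keyword in UA_KEYWORDS:
        if keyword in ua:
            reasons.append(f"ua:{keyword}")
    return reasons

# Constructed sample requests (invented for this example, not from a real log).
SAMPLE_REQUESTS = [
    ("/item?id=42", "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"),
    ("/item?id=42%20AND%20chr%2865%29%3Dchr%2865%29", "Mozilla/5.0"),
    ("/item?id=42", "sqlmap/1.7 (https://sqlmap.org)"),
    ("/search?q=cast%2528%2527a%2527%2520as%2520int%2529", "curl/8.0"),
    ("/search?q=broadcast%28tv%29", "curl/8.0"),
]

def screen_all(requests=SAMPLE_REQUESTS):
    """Screen every sample request; returns (url, user_agent, reasons) triples."""
    return [(url, ua, screen_request(url, ua)) for url, ua in requests]
```

The decoded-before-match step matters: a filter that only inspects the raw URL can be bypassed by encoding the keyword once more, which is also why the slide calls this a supplement rather than a defense on its own.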