Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "David Litchfield has started a new blog"] [Next entry: "New presentation on Database Vault faults"]

A new SQL Injection protection PL/SQL package



I saw a post on my Oracle security forum by Gary titled Steven F's SQLguard - sql injection prevention pkg that announces that Steven Feuerstein has created a PL/SQL package called sql_guard that he is calling SQL Guard that aims at developers to help them prevent SQL Injection attacks from being successful on the said developers deployed code.

This sounds very interesting and I for one have dropped Steven an email to ask for a copy for testing to see how well it works and whether its going to be of value to developers. Without seeing it its hard to comment more now, but I will comment more here if Steven does let me have a copy to test.

There has been 2 Comments posted on this article


October 30th, 2007 at 04:21 pm

Steven Feuerstein says:

Hi Pete,

I am so glad you saw that posting and of course I very much want you to look at it!

I will be writing some documentation on SQL Guard (which is not yet completed, but an early version is ready for some initial review) and then I will let all who have expressed interest to know about it.

Regards, SF



October 31st, 2007 at 08:43 am

Pete says:

Hi Steven,

Thanks very much for your comment and also your earlier email. I am looking forwards to seeing your package and testing it.

cheers

Pete