Building SQL firewall: insights from developers
2019-02-02, 16:30–17:10, Innohub (

How SQL firewalls can help to protect databases from SQL injections: the main difference from WAFs, common usage scenarios, pros, and cons. Developing SQL firewall is a hard task – we will share insights about parsing SQL protocols, matching rules, hidden dangers of logging, best of configuration and usage patterns.

Our general plan for talk:

  1. SQL injections: what's that and how to protect against them.

  2. Typical scenarios of fighting with injections: OWASP guide, WAF, SQL firewall.

  3. WAF: pros, cons, why WAF is not enough.

  4. SQL firewall: what is this, what are the main features of it.

  5. How we built SQL firewall:

    • configuration and rules (allow, deny, ignore);

    • parsing SQL protocols;

    • pattern matching (WHERE, EQUAL, VALUE etc);

    • logging and masking requests;

  6. SQL Firewall vs WAF.

  7. Best use cases for SQL firewall.

  8. Future improvements of SQL firewalls.

  9. Outro.