2019-02-02, 16:30–17:10, Innohub (https://innohub.innovecs.com)
How SQL firewalls can help to protect databases from SQL injections: the main differences from WAFs, common usage scenarios, pros, and cons. Developing an SQL firewall is a hard task, and we will share insights about parsing SQL protocols, matching rules, the hidden dangers of logging, and the best configuration and usage patterns.
Our general plan for the talk:
- SQL injections: what they are and how to protect against them.
- Typical scenarios of fighting injections: OWASP guide, WAF, SQL firewall.
- WAF: pros, cons, why a WAF is not enough.
- SQL firewall: what it is and what its main features are.
- How we built an SQL firewall:
  - configuration and rules (allow, deny, ignore);
  - parsing SQL protocols;
  - pattern matching (WHERE, EQUAL, VALUE etc);
  - logging and masking requests.
- SQL Firewall vs WAF.
- Best use cases for SQL firewall.
- Future improvements of SQL firewalls.
- Outro.