Monday, February 8, 2010


On the first of February I went to a talk by Yuli Stremosky about GreenSQL at OWASP. Yuli gave a very nice talk. He started by explaining that shared hosting is not an option from a security standpoint, since you can be hacked through another website on the same host. He then quickly explained SQL injections and SQL tautologies.

GreenSQL is a firewall that has to protect you from SQL injection. Basically it works on a reverse-proxy principle: your application/webserver connects to the GreenSQL proxy, which verifies the query and gets the data from the database.

There are 4 modes to run GreenSQL in:
The IDS mode uses a risk matrix engine that scores the incoming queries and blocks the suspicious ones. The IPS mode uses a heuristics engine to find suspicious queries. If a query is considered illegal, it is checked against a white list. An illegal query results in an empty result set.

GreenSQL uses a pattern matching engine to analyse the SQL queries. The following queries are automatically considered illegal:
  • database administrative commands
  • commands that change a database structure
  • commands that access the file system
I had contact with the GreenSQL people before this talk to see what their plans are for commercial databases like Oracle, DB2 and MS SQL. I got an answer and they are working on it.
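To make the decision flow described above concrete, here is an added toy classifier (my own illustration, not GreenSQL's code): the three always-illegal categories and a small risk score for tautologies, comments and stacked statements, with the white list consulted only once a query has been judged illegal. The command lists, weights and threshold are constructed assumptions, not GreenSQL's real risk matrix.

```python
import re

# Constructed command groups for the three categories the talk lists as
# always illegal (assumed; GreenSQL's real pattern set is not reproduced here).
ADMIN_COMMANDS = ("GRANT ", "REVOKE ", "CREATE USER", "DROP USER", "SHUTDOWN")
STRUCTURE_COMMANDS = ("CREATE TABLE", "ALTER TABLE", "DROP TABLE", "TRUNCATE ")
FILE_ACCESS = ("LOAD_FILE", "INTO OUTFILE", "INTO DUMPFILE", "LOAD DATA")

# Hypothetical risk weights and threshold standing in for the risk matrix.
RISK_WEIGHTS = {"comment": 2, "union": 3, "tautology": 5, "stacked": 3}
BLOCK_THRESHOLD = 5

# Matches a comparison whose two sides are both literals: 'a'='a' or 1=1.
TAUTOLOGY_RE = re.compile(r"(?:'([^']*)'|\b(\d+)\b)\s*=\s*(?:'([^']*)'|\b(\d+)\b)")


def _normalize(query: str) -> str:
    """Upper-case and collapse whitespace so pattern checks are stable."""
    return " ".join(query.upper().split())


def is_tautology(query: str) -> bool:
    """True if any literal=literal comparison has equal sides (always true)."""
    for m in TAUTOLOGY_RE.finditer(_normalize(query)):
        left = m.group(1) if m.group(1) is not None else m.group(2)
        right = m.group(3) if m.group(3) is not None else m.group(4)
        if left == right:
            return True
    return False


def risk_score(query: str) -> int:
    """Sum the weights of suspicious traits found in the query."""
    q = _normalize(query)
    score = 0
    if "--" in q or "/*" in q:           # comment used to cut off the query tail
        score += RISK_WEIGHTS["comment"]
    if " UNION " in f" {q} ":            # UNION appended to a SELECT
        score += RISK_WEIGHTS["union"]
    if is_tautology(q):                  # always-true WHERE clause
        score += RISK_WEIGHTS["tautology"]
    if ";" in q.rstrip(";"):             # a second statement stacked after ';'
        score += RISK_WEIGHTS["stacked"]
    return score


def classify(query: str, whitelist=()) -> str:
    """'allow' passes the query through; 'block' yields the empty result set."""
    q = _normalize(query)
    always_illegal = any(c in q for g in (ADMIN_COMMANDS, STRUCTURE_COMMANDS, FILE_ACCESS) for c in g)
    if not always_illegal and risk_score(q) < BLOCK_THRESHOLD:
        return "allow"
    # Illegal queries get one more chance: an exact white-list entry.
    return "allow" if q in {_normalize(w) for w in whitelist} else "block"
```

In this toy the white list is an exact match on the normalised query; a production proxy would match on a parameterised query shape instead.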

