Click here to receive your FREE subscription to Campus Technology
News
Hedgehog 1.2 Adds Context-Based SQL Injection Security
11/30/2007
Sentrigo has enhanced its Hedgehog database monitoring software to identify SQL injection security problems in database built-in packages. SQL injections in packages have represented the lion's share of database exploits in recent years, according to the company.
The security solution provider claims that its Hedgehog 1.2 solution can spot difficult-to-detect SQL injections, especially unknown ones, thereby helping to avoid potential "zero-day" attacks.
Sentrigo's literature explains that Hedgehog 1.2 accomplishes its SQL exploit detection via a method it calls "context-based SQL injection detection."
Rather than track the signatures of known injections, Hedgehog monitors database activity, such as actions run by packages, triggers and stored procedures. To detect unknown injections, Hedgehog examines the context from which SQL statements originate, as well as the types of commands used and the user's access privileges.
Hedgehog can detect improper commands. For instance, when a package has the definer rights of a privileged user and initiates a command that is incongruent with its intended use, Hedgehog will recognize this as a manipulation via SQL injection. Because the software monitors the database memory, it can detect these instances when they occur. The solution is capable of tracking activity from outside attackers, as well as threats from the inside.
Hedgehog 1.2 is currently available from the Sentrigo Web site.
David Kopf is a freelance technology writer and marketing consultant. He can be reached at david@dkcopy.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- IE Is Least-Patched Browser, Report Says
According to a report released last Tuesday, more than 40 percent of Internet surfers don't use browsers with up-to-date security patches--and Internet Explorer users are the biggest culprits.
- Ballmer Wants Board Change at Yahoo
Microsoft's executives have been talking with investor and corporate raider Carl Icahn about renewed plans for Microsoft to acquire part or all of Yahoo, provided that Yahoo's board is replaced. The details were described in an open letter issued Monday by Icahn, which is addressed to Yahoo's shareholders.
- July 2008 Crossword
Click above to see the solution for the July 2008 Campus Technology crossword puzzle.
- Stanford, IFL Introducing $50 Handheld to Mexico Students
Stanford University School of Education and Innovations for Learning, a Chicago-based nonprofit, have entered into a social entrepreneurship collaboration to bring the $50 Teachermate Handheld Computer to extremely underserved children in Latin America.
- 'Important' Fixes To Come in Microsoft's July Patch Cycle
IT pros will come back from the holiday weekend to face a possible four patches in Microsoft's July patch rollout, according an advance announcement issued by the company. The patches, arriving Tuesday, won't contain "critical" or "moderate" items, but all four will be deemed "important."
- Joliet JC Adopts MIR3 Emergency Notification Platform
Joliet Junior College will be deploying the MIR3 inCampusAlert emergency notification service for its main campus in Joliet, IL and its extended campuses and extension centers. inCampusAlert allows for dissemination of information to and from cell phones, e-mail, pagers, land lines, and SMS.
