After writing the post "SQL Injection, the threat beyond the perimeter", I received some emails with this question. If your company also has the same dilemma, you need to raise this with upper management and show the real risk that they are running into. Neil Carpenter from the CSS Security (IR) Team wrote exactly about that on his blog, and we should keep trying to evangelize security admins to push that harder on their network.

 

But if you need to implement some level of mitigation at the Edge while the devs are fixing the code, then IAG 2007 can help you with that. Today I posted an article on the IAG 2007 Team Blog that shows how. Read the whole article here:

 

How IAG 2007 Can Mitigate SQL Injection Attacks – Demo Scenario

http://blogs.technet.com/edgeaccessblog/archive/2008/09/19/how-iag-2007-can-mitigate-sql-injection-attacks-demo-scenario.aspx