https://community.cisco.com/t5/network-security/can-the-asa-block-sql-injection/m-p/1290083#M76681 <P>I would like to know which model of the ASA can block sql injections to help keep a web server safe. </P> Sun, 10 Mar 2019 11:42:51 GMT shanemcanuff 2019-03-10T11:42:51Z https://community.cisco.com/t5/network-security/can-the-asa-block-sql-injection/m-p/1290083#M76681 <P>I would like to know which model of the ASA can block sql injections to help keep a web server safe. </P> Sun, 10 Mar 2019 11:42:51 GMT https://community.cisco.com/t5/network-security/can-the-asa-block-sql-injection/m-p/1290083#M76681 shanemcanuff 2019-03-10T11:42:51Z https://community.cisco.com/t5/network-security/can-the-asa-block-sql-injection/m-p/1290084#M76689 <HTML><HEAD></HEAD><BODY><P>All ASA models should be able to accommodate for this using a specific enough regex string within an inspect class-map riding in an http inspect policy-map. You'd have to know what you are looking for to match with regex, whose config lines are limited to 100-something chars. For something more scalable and configurable, a full-fledged IPS would probably be preferred.</P></BODY></HTML> Fri, 24 Jul 2009 22:31:45 GMT https://community.cisco.com/t5/network-security/can-the-asa-block-sql-injection/m-p/1290084#M76689 bwallander 2009-07-24T22:31:45Z https://community.cisco.com/t5/network-security/can-the-asa-block-sql-injection/m-p/1290085#M76691 <HTML><HEAD></HEAD><BODY><P>You might also take a look at the ACE Web Application Firewall (WAF). This product is specifically designed for protecting websites against attacks like this (and a number of other web specific attacks).</P><P></P><P>Jim</P></BODY></HTML> Mon, 03 Aug 2009 19:19:06 GMT https://community.cisco.com/t5/network-security/can-the-asa-block-sql-injection/m-p/1290085#M76691 jim_berlow 2009-08-03T19:19:06Z https://community.cisco.com/t5/network-security/can-the-asa-block-sql-injection/m-p/1290086#M76696 <HTML><HEAD></HEAD><BODY><P>Any ASA with IPS module in it can take care of all types of known attacks.</P><P></P><P>the signature definition database of ips gets updated every week/ 15 days.you can set it up to auto update and it'll fetch those definitions on it's own.</P><P></P><P></P><P>f/w with intrusion prevention system is the complete solution to go for.Alone,f/w is not effective enough when it comes to layer 7 inspection.</P><P></P><P></P><P>hTh</P><P>Sushil</P><P>TAC</P></BODY></HTML> Mon, 03 Aug 2009 22:53:30 GMT https://community.cisco.com/t5/network-security/can-the-asa-block-sql-injection/m-p/1290086#M76696 suschoud 2009-08-03T22:53:30Z