SQLShield

Broadband Internet service and mobile devices have changed people's lives drastically. The number of people who treat the Internet as an everyday tool is increasing fast. These users are served invisibly by millions of database servers that provide the data for the various platforms. The protection of these systems often does not reach even the minimum level, partly because there are no easy and reliable protection solutions for database servers. By developing SQLShield we would like to provide a solution to this problem. Our objective was to create a database protection tool at the level of a modern application.

The engineering team's decades of practice in IT security and in designing and developing specialised firewalls guarantee that the tool provides the widest possible protection. The finished tool can protect against the majority of known attacks. In addition, based on the database and the habits of normal users, it is able to learn the characteristics of proper operation, which makes it possible to protect against attacks that were previously unknown.

Main security functions of the system

  • Protection against SQL injection detects attempts to circumvent the protection of the web application, making it possible to prevent an attacker of the web server from retrieving data, destroying the database or trying to run an unauthorised program on the database server.
  • Protection against data leakage hinders the attacker from gaining access to the data of the system even in the case of a fully compromised client (web-based or traditional application, stolen access data, etc.).
  • Protection against Cross-Site Scripting (XSS or CSS) hinders the attacker from storing HTML code in the database and in this way running JavaScript code on the client's computer, with which the attacker could influence the functioning of the client's browser, retrieve data from it and, in certain circumstances, reconnoitre the client's environment or attack the client's machine.
  • Basic database access control functions:
    • Restricting connections to the database according to the user's network information (source address, network, etc.), the database user, or the date or time interval,
    • Enforcing SSL/TLS-protected connections, checking the certificate presented by the connecting user, and restricting access based on its characteristics,
    • Permitting or banning certain database operations or operation groups (e.g. writing) according to the user or other features,
    • Audit capability independent of the database server: important operations can be logged based on various decision criteria (source address, user, etc.),
    • Reporting based on various standards (PCI-DSS, etc.),
    • Protection against buffer overflow at protocol level
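
The access control functions listed above (source network, database user, time interval, operation group, audit logging) can be pictured as a first-match rule table with default deny. The following is an added example, not SQLShield code or configuration syntax; the `Rule` fields, group names, addresses and users are all constructed for illustration.

```python
# Added illustration: rule fields and sample values are constructed,
# not SQLShield configuration syntax.
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Operation groups, e.g. "write" as one group that can be banned as a whole.
GROUPS = {
    "read": {"SELECT"},
    "write": {"INSERT", "UPDATE", "DELETE"},
    "ddl": {"CREATE", "ALTER", "DROP"},
}

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    network: str           # source network in CIDR form
    users: frozenset       # database users; an empty set matches any user
    groups: frozenset      # operation groups the rule covers
    start: time = time(0, 0)
    end: time = time(23, 59, 59)
    audit: bool = False    # log the decision when this rule matches

    def matches(self, src, user, verb, at):
        in_window = (self.start <= at <= self.end if self.start <= self.end
                     else at >= self.start or at <= self.end)  # window past midnight
        return (ip_address(src) in ip_network(self.network)
                and (not self.users or user in self.users)
                and any(verb in GROUPS[g] for g in self.groups)
                and in_window)

def decide(rules, src, user, statement, at):
    """First matching rule wins; anything unmatched is denied and audited."""
    verb = statement.split(None, 1)[0].upper() if statement.strip() else ""
    for rule in rules:
        if rule.matches(src, user, verb, at):
            return rule.action, rule.audit
    return "deny", True  # fail closed, including verbs that are in no group

# Constructed policy: the web tier reads at any time, writes only in working
# hours, never changes the schema; an admin host may do everything, audited.
POLICY = [
    Rule("deny", "0.0.0.0/0", frozenset({"webapp"}), frozenset({"ddl"}), audit=True),
    Rule("allow", "10.0.1.0/24", frozenset({"webapp"}), frozenset({"read"})),
    Rule("allow", "10.0.1.0/24", frozenset({"webapp"}), frozenset({"write"}),
         time(8, 0), time(18, 0), audit=True),
    Rule("allow", "10.0.9.5/32", frozenset({"dba"}),
         frozenset({"read", "write", "ddl"}), audit=True),
]
```

Classifying a statement by its first keyword is deliberately coarse here; statements whose verb is in no group fall through to the default deny.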

Project name:
Development of a database protection tool at the level of the innovative application

Project identification:
GOP-1.3.-1-11/A-2012-0165

Amount of support:
HUF 36 215 760. The project takes place with the support of the European Union and the co-financing of the European Regional Development Fund.

Name of beneficiaries:
Andrews IT Engineering Kft.