[Owasp-leaders] Detecting SQL Injection at SQL Server level
sven.vetsch at owasp.org
Sun Nov 1 13:29:52 UTC 2015
The following is not based on errors but rather the structure of a query and might also be of interest to you:
PS: The cool stuff starts at slide 63 :)
Leader OWASP Switzerland
On Thu, Oct 29, 2015 at 4:35 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> Hi, anybody here has experience on detecting SQL injection on an
> high-volume SQL Server by looking at the SQL Queries errors?
> I know some guys (like ETSY) are doing this, but when I was talking with
> the DBAs today they couldn't find an easy way to do it at the SQL server.
> The logic is that there should be no SQL compilation errors in the
> Production SQL server, so any errors that occur should either be:
> a) a nasty bug
> b) an SQL Injection being triggered by accident
> c) an SQL Injection attack
> Since it is really hard for an attacker to perform an SQL Injection without
> triggering an SQL Error ONCE, monitoring for SQL errors is a great way to
> proactively detect attacks (which is what Dan and Zane talk about in this
> video https://www.youtube.com/watch?v=jQblKuMuS0Y)
> Ideally this should be detected at SQL Server level since that will make
> sure that all possible scenarios are covered. The alternative is to try to
> detect it via AppDynamics, or on the server logs, or at the Java code
> (which will require code changes).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders