[Owasp-leaders] Detecting SQL Injection at SQL Server level

Sven Vetsch sven.vetsch at owasp.org
Sun Nov 1 13:29:52 UTC 2015


Hi Dinis

The following is not based on errors but rather on the structure of a query and might also be of interest to you:


http://www.slideshare.net/hashdays/hashdays-2011-christian-bockermann-protecting-databases-with-trees

PS: The cool stuff starts at slide 63 :)

Regards,

Sven

--

Sven Vetsch

Leader OWASP Switzerland

https://www.owasp.ch

https://www.twitter.com/OWASP_ch

On Thu, Oct 29, 2015 at 4:35 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Hi, does anybody here have experience with detecting SQL injection on a
> high-volume SQL Server by looking at the SQL query errors?
> I know some guys (like ETSY) are doing this, but when I was talking with
> the DBAs today they couldn't find an easy way to do it at the SQL server.
> The logic is that there should be no SQL compilation errors in the
> Production SQL server, so any errors that occur should either be:
> a) a nasty bug
> b) an SQL Injection being triggered by accident
> c) an SQL Injection attack
> Since it is really hard for an attacker to perform an SQL Injection without
> triggering an SQL Error ONCE, monitoring for SQL errors is a great way to
> proactively detect attacks (which is what Dan and Zane talk about in this
> video https://www.youtube.com/watch?v=jQblKuMuS0Y)
> Ideally this should be detected at SQL Server level since that will make
> sure that all possible scenarios are covered. The alternative is to try to
> detect it via AppDynamics, or on the server logs, or at the Java code
> (which will require code changes).
> Dinis
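The two detection ideas in this thread, as an added example that is not part of either message and not code from OWASP or the linked slides. It assumes a constructed `timestamp|error|client|message` log format (not the native SQL Server error-log layout) fed from whatever exports the server's error events; the error numbers 102, 105, 156 and 8134 are real SQL Server error numbers, the client names, timestamps, threshold and sample queries are constructed, and `query_shape()` is a deliberately simplified string-level stand-in for the parse-tree comparison the slides describe.

```python
"""Added example: error-based and structure-based SQL injection detection
on constructed SQL Server data (not code from the thread or the slides).

1. Error-based (Dinis): a production server should raise (almost) no
   parse/compile errors, so count them per client and flag any source
   that exceeds a threshold.
2. Structure-based (Sven's link): reduce each statement to a literal-free
   "shape"; a shape the application has never produced is suspicious.
   A real implementation would compare parse trees, not strings.
"""
import re
from collections import Counter

# Real SQL Server error numbers for parse/compile failures.
COMPILE_ERRORS = {
    102: "Incorrect syntax near",
    105: "Unclosed quotation mark",
    156: "Incorrect syntax near the keyword",
}

# Constructed log lines; the "ts|errno|client|message" layout is assumed,
# not SQL Server's native error-log format. 8134 (divide by zero) is a
# runtime error and must not count as a compile error.
SAMPLE_ERROR_LOG = """\
2015-10-29T14:01:03|102|app-web-01|Incorrect syntax near ';'.
2015-10-29T14:01:04|105|app-web-01|Unclosed quotation mark after the character string ''.
2015-10-29T14:01:05|102|app-web-01|Incorrect syntax near 'OR'.
2015-10-29T14:02:10|8134|batch-job-02|Divide by zero error encountered.
2015-10-29T14:03:11|156|app-web-01|Incorrect syntax near the keyword 'UNION'.
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\|(?P<errno>\d+)\|(?P<client>[^|]+)\|(?P<msg>.*)$")


def parse_error_log(text):
    """Parse the constructed log format into dicts; skip lines that don't match."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["errno"] = int(d["errno"])
        events.append(d)
    return events


def compile_errors_per_client(events):
    """Count only parse/compile errors, keyed by the client that sent the batch."""
    return Counter(e["client"] for e in events if e["errno"] in COMPILE_ERRORS)


def flag_clients(events, threshold=2):
    """Clients whose compile-error count reaches the (constructed) threshold."""
    counts = compile_errors_per_client(events)
    return sorted(c for c, n in counts.items() if n >= threshold)


# Matches single-quoted strings (with '' escapes) and numeric literals.
_LITERAL_RE = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")


def query_shape(sql):
    """Replace literals with '?' and normalise whitespace/case so statements
    that differ only in bound values share one shape."""
    shape = _LITERAL_RE.sub("?", sql)
    return re.sub(r"\s+", " ", shape).strip().lower()


# Constructed allowlist: shapes the application is known to issue.
KNOWN_SHAPES = {query_shape(q) for q in [
    "SELECT id, name FROM users WHERE id = 42",
    "SELECT * FROM orders WHERE customer = 'alice' AND total > 10.5",
]}


def unknown_shapes(queries, known=KNOWN_SHAPES):
    """Statements whose shape is not in the allowlist (candidates for review)."""
    return [q for q in queries if query_shape(q) not in known]


if __name__ == "__main__":
    events = parse_error_log(SAMPLE_ERROR_LOG)
    print("compile errors:", dict(compile_errors_per_client(events)))
    print("flagged clients:", flag_clients(events))
    print("unknown shapes:", unknown_shapes([
        "SELECT id, name FROM users WHERE id = 7",
        "SELECT id, name FROM users WHERE id = 7 OR 1=1",
    ]))
```

The error-based check needs no application changes, which is the point Dinis makes about doing it at the server rather than in the Java code; the shape check catches the case he worries about less, an injected statement that still parses. Tune the threshold and allowlist to the real traffic before alerting on either.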