[Owasp-leaders] Detecting SQL Injection at SQL Server level

Dinis Cruz dinis.cruz at owasp.org
Thu Oct 29 20:33:53 UTC 2015


Hi, does anybody here have experience detecting SQL injection on a
high-volume SQL Server by looking at the SQL query errors?

I know some guys (like ETSY) are doing this, but when I was talking with
the DBAs today they couldn't find an easy way to do it at the SQL server.

The logic is that there should be no SQL compilation errors in the
Production SQL server, so any errors that occur should either be:

a) a nasty bug
b) an SQL Injection being triggered by accident
c) an SQL Injection attack

Since it is really hard for an attacker to perform an SQL Injection without
triggering an SQL Error ONCE, monitoring for SQL errors is a great way to
proactively detect attacks (which is what Dan and Zane talk about in this
video: https://www.youtube.com/watch?v=jQblKuMuS0Y).

Ideally this should be detected at SQL Server level since that will make
sure that all possible scenarios are covered. The alternative is to try to
detect it via AppDynamics, or on the server logs, or at the Java code
(which will require code changes).

Dinis
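As an added example (not part of Dinis's message, and not an Etsy or AppDynamics artefact), one way to do this at SQL Server level is an Extended Events session on `sqlserver.error_reported` that keeps only the parser and type-conversion errors injection probing tends to produce; the session name, file name and the chosen error numbers are my own assumptions, and the file path must match your instance's log directory.

```sql
-- Added example: capture compile/parse errors on a production SQL Server.
-- Error numbers (built-in SQL Server codes) chosen as an assumption:
--   102  Incorrect syntax near '...'
--   105  Unclosed quotation mark after the character string '...'
--   156  Incorrect syntax near the keyword '...'
--   207  Invalid column name '...'
--   208  Invalid object name '...'
--   245  Conversion failed when converting the varchar value '...' to int
CREATE EVENT SESSION [sqli_error_watch] ON SERVER
ADD EVENT sqlserver.error_reported
(
    ACTION
    (
        sqlserver.sql_text,          -- the statement that failed
        sqlserver.client_app_name,
        sqlserver.client_hostname,
        sqlserver.username,
        sqlserver.database_name
    )
    WHERE
    (
        error_number = 102 OR error_number = 105 OR error_number = 156
        OR error_number = 207 OR error_number = 208 OR error_number = 245
    )
)
ADD TARGET package0.event_file
(
    -- assumed path; with no directory SQL Server writes to its LOG folder
    SET filename = N'sqli_error_watch.xel', max_file_size = (100), max_rollover_files = (5)
)
WITH (EVENT_RETENTION_MODE = ALLOW_SINGLE_EVENT_LOSS, STARTUP_STATE = ON);
GO
ALTER EVENT SESSION [sqli_error_watch] ON SERVER STATE = START;
GO

-- Review what was captured: one row per failed statement, newest first.
-- A burst of rows from one host/app is the signal to alert on.
SELECT
    xe.value('(@timestamp)[1]', 'datetime2')                            AS event_time,
    xe.value('(data[@name="error_number"]/value)[1]', 'int')           AS error_number,
    xe.value('(action[@name="client_hostname"]/value)[1]', 'nvarchar(128)') AS client_host,
    xe.value('(action[@name="client_app_name"]/value)[1]', 'nvarchar(128)') AS client_app,
    xe.value('(data[@name="message"]/value)[1]', 'nvarchar(max)')      AS error_message,
    xe.value('(action[@name="sql_text"]/value)[1]', 'nvarchar(max)')   AS sql_text
FROM sys.fn_xe_file_target_read_file('sqli_error_watch*.xel', NULL, NULL, NULL) AS f
CROSS APPLY (SELECT CAST(f.event_data AS xml) AS ev) AS x
CROSS APPLY x.ev.nodes('/event') AS n(xe)
ORDER BY event_time DESC;
```

Prepared statements that never fail to parse produce no rows here, so on a healthy production instance the session stays quiet, and any steady trickle needs a bug or an attack as its explanation.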

