libinjection: New Directions in SQLi Detection

  • Wednesday, February 27, 2013 | 10:40 AM – 11:40 AM | Room: Room 132

What if your application would not only be immune to many SQLi attacks but also alert you when they are happening -- with no code changes, new hardware, or new firewalls? As part of the libinjection project, real-world SQLi attacks and benign input have been analyzed to produce a new algorithm for SQLi detection. The same tokenization engine used in libinjection was then used to analyze "everyday SQL" vs. "SQLi SQL". The analysis indicates that we can stop the majority of SQLi attacks just by adding access control to rarely used SQL constructs.


This document was retrieved from http://www.rsaconference.com/events/us13/agenda/sessions/126/libinjection-new-directions-in-sqli-detection on Wed, 16 Apr 2014 16:09:02 -0400.
© 2014 EMC Corporation. All rights reserved.