libinjection: New Directions in SQLi Detection

  • Wednesday, February 27, 2013 | 10:40 AM – 11:40 AM | Room: Room 132

View all Sessions

What if your application would not only be immune to many SQLi attacks but also alert you when they are happening -- with no code changes, new hardware, new firewalls? As part of the libinjection project, real-world SQLi attacks and benign input have been analyzed to produce a new algorithm for SQLi detection The same tokenization engine used in libinjection, was then used to analyze "every day SQL" vs. "SQLi SQL". It indicates that we can stop the majority of SQLi attacks just by adding access control to rarely used SQL constructs.


This document was retrieved from on Thu, 21 Feb 2019 14:56:05 -0500.