Thursday, January 9, 2020

How to Detect SQL Injection

SQL Injection Attacks

SQL injection attacks are a type of attack in which malicious SQL statements are injected into a web application's database server. Successful exploitation could allow an attacker to bypass web authentication and extract the sensitive contents of the entire database. SQL injection attacks can affect any web application that uses a SQL database and accepts input from a user without proper validation.
Where should you collect logs from?
Web server, web application firewall (WAF), and IDS/IPS logs

How to detect using SIEM?
SQL Injection Detection Criteria
Certain common code fragments need to be injected for the attack to be successful. Look for these SQL query fragments in the URL field of the logs collected above.
[*'or*, *%27or*, *%20*=%20*'*, *%3B--*, *'--*, *\)--*, *;--*]
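
The detection criteria above, applied to the URL field of web server access logs, as an added example (not code from the original post). The log lines are constructed, and the function names, the assumed log layout, the case-insensitive matching and the extra pass over the percent-decoded URL are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Wildcard patterns from the post; the last one uses two ASCII hyphens.
PATTERNS = ["*'or*", "*%27or*", "*%20*=%20*'*", "*%3B--*", "*'--*", r"*\)--*", "*;--*"]

# Constructed access-log lines (documentation IPs, made-up paths).
SAMPLE_LOGS = [
    '203.0.113.5 - - [09/Jan/2020:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Jan/2020:10:02:11 +0000] "GET /login.php?user=admin%27or%271%27=%271 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [09/Jan/2020:10:02:15 +0000] "GET /item.php?id=5%27-- HTTP/1.1" 500 87',
    '198.51.100.7 - - [09/Jan/2020:10:03:40 +0000] "GET /search.php?q=1%3B-- HTTP/1.1" 200 640',
]

# Assumed log layout: the request line is quoted as "METHOD URL HTTP/x.y".
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+"')

def wildcard_to_regex(pattern):
    """Translate a wildcard pattern: * is any run, backslash escapes the next char."""
    tokens = re.findall(r"\\.|.", pattern, re.DOTALL)
    body = "".join(".*" if t == "*" else re.escape(t[-1]) for t in tokens)
    return re.compile(body, re.IGNORECASE | re.DOTALL)

RULES = [(p, wildcard_to_regex(p)) for p in PATTERNS]

def match_url(url):
    """Return the patterns that hit the raw URL or its once-decoded form."""
    hits = []
    for form in (url, unquote(url)):  # raw first, then percent-decoded once
        for pattern, regex in RULES:
            if pattern not in hits and regex.fullmatch(form):
                hits.append(pattern)
    return hits

def scan(lines):
    """Return (url, hits) for every log line whose URL field matches a pattern."""
    alerts = []
    for line in lines:
        m = REQUEST_RE.search(line)
        hits = match_url(m.group("url")) if m else []
        if hits:
            alerts.append((m.group("url"), hits))
    return alerts

if __name__ == "__main__":
    for url, hits in scan(SAMPLE_LOGS):
        print(url, "matched", hits)
```

The constructed request ending in %27-- matches none of the listed patterns in its raw form and is flagged only after decoding, which is why the example checks both forms.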
