To cache a thief | Using database caches to detect SQL Injection attacks

Expo Theatre (Hall G) October 20, 2009

Kevvie Fowler

Most SQL Injection attack detection methods are heavily dependent on IDS and web server logging, which in many scenarios can be easily circumvented. Performing SQL Injection attack detection at the database can overcome current detection limitations. This session will demonstrate techniques and a new incident response tool that uses database caches to confirm or discount the occurrence of a successful SQL Injection attack, including:

  • attacks unveiled at this year’s Black Hat Europe conference
  • attacks launched from the tool used to compromise the website of a major anti-virus vendor earlier this year
  • the attack used by the SQL Injection worm that compromised over 500,000 websites in 2008

We’ll close by looking at how you can proactively configure your database server to automatically detect successful SQL Injection attacks and alert you to them.

The focus of this session will be on Microsoft SQL Server; however, the same principles can be applied to other RDBMS products. This is a must-attend session for anyone tasked with securing, investigating or working with database servers and web-based applications.