Be the first to like this
Though publicly known for a long time, SQL injection attacks do not yet seem to have reached their peak – the LulzSec activities in mid 2011 showed the overall presence of applications vulnerable to SQL attacks. Organizations like OWASP and Mitre rank SQL injections as the most dangerous threats to our (web) infrastructures and even SQL injections in SMS text messages have been reported. Vendors of Web Application Firewalls spend enormous e?orts to create patterns to detect SQL injections at the application protocol layer, but attackers spend even more e?orts ?nding evasions of these patterns using various encodings or polymorphic substitutions within SQL. In this talk we will have a look at SQL injections from the syntax level perspective of the SQL language. We exploit the parser component of the database system to produce a syntax tree of the command that has been passed to the database by the web frontend. The resulting tree provides a representation of the command that can be compared to a set of known commands expected to be used by the deployed web application.
Bio: Starting with Linux/network security in 1996, Christian Bockermann has been working in computer security for over 10 years. While working as a Java web-application developer for several years he started concentrating on web-security as primary subject. Since he graduated with a MSc in computer science with an emphasis on Anomaly Detection in Web-Applications, he is currently working on his Ph.D. combining methods of machine learning and artificial intelligence in web-application firewalls and system monitoring. A proposal of his intelligent web-application firewall project has been elected among the top-10 projects of the 2nd GermanIT-Security Award. Alongside to this Ph.D. research, Christian is working as a freelancer in web-security consulting, mostly focused on Apache and ModSecurity. He is also author of several Java tools supplementary to ModSecurity, most prominent being the AuditConsole log-management server for ModSecurity.