Monday, February 25, 2019

security - How to detect SQL Injection sitting at a reverse proxy?

I am writing a simple reverse proxy in java. So, I have access to all Http requests and responses exchanged between client and server. Sitting at the proxy I am trying to detect SQL Injection Attack.



I got few links - (like for example)



http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks



where some regex are mentioned, but I suppose it's not that simple.
It is impossible to write regex for all possible/valid SQL statements.

Because so many databases are there in the market and SQL statements must follow some grammer rules.



Let me break down the problem to a simple question -



Given a string, can it be checked that whether it contains a valid SQL statement?



Can anyone tell me the best way to do it? Or, any library which does that for me?

No comments:

Post a Comment

plot explanation - Why did Peaches' mom hang on the tree? - Movies & TV

In the middle of the movie Ice Age: Continental Drift Peaches' mom asked Peaches to go to sleep. Then, she hung on the tree. This parti...