I am writing a simple reverse proxy
in java. So, I have access to all Http requests and responses
exchanged between client and server. Sitting at the proxy I am trying to detect SQL Injection Attack.
I got a few links - (for example)
http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks
where some regex are mentioned, but I suppose it's not that simple.
It is impossible to write regex for all possible/valid SQL statements.
Because there are so many databases on the market, and SQL statements must follow some grammar rules.
Let me break down the problem to a simple question -
Given a string, can it be checked whether it contains a valid SQL statement?
Can anyone tell me the best way to do it? Or, any library which does that for me?
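One way a proxy can approach this without a SQL grammar, as an added illustration that is not the asker's proxy code: instead of deciding whether a parameter is valid SQL for some dialect, score structural signs of injection after normalising the value (URL-decode, strip inline comments, fold case). The class name, patterns and weights are my own and are assumptions for the example; it assumes Java 10 or later for `URLDecoder.decode(String, Charset)`.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class SqlInjectionHeuristic {
    // Structural signs of injection, not a SQL grammar. Weights are illustrative, not tuned.
    private static final Pattern[] PATTERNS = {
        Pattern.compile("'\\s*(or|and)\\s+'?\\w+'?\\s*=\\s*'?\\w+"),  // tautology: ' or '1'='1
        Pattern.compile("\\bunion\\b(\\s+all)?\\s+select\\b"),        // union-based read
        Pattern.compile(";\\s*(drop|delete|insert|update|alter)\\b"), // stacked statement
        Pattern.compile("'\\s*(--|#)"),                               // quote, then comment terminator
        Pattern.compile("\\b(sleep|benchmark)\\s*\\("),               // time-based probe
    };
    private static final int[] WEIGHTS = { 3, 3, 3, 2, 2 };
    static final int THRESHOLD = 3;

    // Normalisation matters more than the patterns: decode, strip comments, fold case.
    static String normalize(String raw) {
        String s = raw;
        for (int i = 0; i < 2 && s.contains("%"); i++) {      // second pass handles double encoding (%2527)
            try { s = URLDecoder.decode(s, StandardCharsets.UTF_8); }
            catch (IllegalArgumentException e) { break; }       // malformed escape: keep what we have
        }
        s = s.replaceAll("/\\*.*?\\*/", " ");                   // /**/ is used to split keywords
        return s.toLowerCase().replaceAll("\\s+", " ").trim();
    }

    static int score(String rawParam) {
        String s = normalize(rawParam);
        int total = 0;
        for (int i = 0; i < PATTERNS.length; i++) {
            if (PATTERNS[i].matcher(s).find()) total += WEIGHTS[i];
        }
        if (s.chars().filter(c -> c == '\'').count() % 2 == 1) total += 1; // unbalanced quote
        return total;
    }

    static boolean looksSuspicious(String rawParam) { return score(rawParam) >= THRESHOLD; }

    public static void main(String[] args) {
        // Constructed sample query-string values, not captured traffic.
        String[] samples = { "O'Brien", "select your favourite colour",
            "1%27%20OR%20%271%27%3D%271", "admin'/**/--", "1; DROP TABLE users" };
        for (String s : samples)
            System.out.printf("%-30s score=%d suspicious=%b%n", s, score(s), looksSuspicious(s));
    }
}
```

The first two samples (an apostrophe in a surname, the word "select" in ordinary text) stay below the threshold, which is the point of scoring rather than matching single keywords; the weights and threshold still need tuning against the traffic your proxy actually sees.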