Description: In this video Kevvie Fowler (security researcher and Director of Security Services, TELUS) talks about a new technique to detect SQL injection. He starts with a basic discussion of SQL injection and makes the point that SQL injection is fundamentally an application problem, not a database one. He then covers the techniques already used to prevent SQL injection (intrusion detection systems, web application firewalls) and the ways attackers get around them (encryption, encoding, etc.).

Databases maintain a cache containing information about previous activity. By looking at these caches and using certain syntax patterns to build signatures, one can detect SQL injection. He then explains how parameterization can prevent cache-based detection (because only the final value is stored). He goes on to the popular SQLi tools such as Acunetix and SQLMap (which does not use encoding) and shows how their attacks can be detected because they leave many signatures in the cache.

He then talks about a dangerous SQLi tool developed by Chinese hackers called Pangolin, which uses encoding, and shows that even it can be detected. He then presents a tool called Hypnosis that uses a cache-based detection scheme. The presentation ends with a demo of Hypnosis against Pangolin as the attack tool. This area of research (cache-based SQLi detection) has not been looked into much and forms the basis for future research. You can download the PDF of the talk.
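As an added example that is not part of this description, of the talk, or of the Hypnosis tool, the following Python script shows the idea of cache-based detection in working code: it normalises cached statement text that has been exported from the database (decoding hex literals and CHAR() chains, the kind of encoding the talk says tools use to get around signature matching), applies a few detection signatures, and flags parameterised statements, where the injected input would not appear in the cached text. All cache entries are constructed sample data; the DBMS views mentioned in the comments are an assumption, since the talk's target engine is not stated here.

```python
"""
Signature scan over cached SQL statement text.

Added example, not code from the talk or from the Hypnosis tool. It assumes
the cached statements have already been exported from the database (on SQL
Server, for instance, the text behind sys.dm_exec_cached_plans is reachable
via sys.dm_exec_sql_text; other engines expose comparable views). Every
cache entry below is constructed sample data.
"""
import re

# Constructed cache entries: one clean query, three injected ones (one of
# them hex-encoded) and one parameterised statement whose bound value the
# cache does not show.
SAMPLE_CACHE = [
    "SELECT name, price FROM products WHERE id = 42",
    "SELECT name, price FROM products WHERE id = 42 UNION SELECT name, pw FROM users",
    "SELECT name, price FROM products WHERE id = 42 OR 1=1 --",
    "SELECT name FROM products WHERE name = 0x27204f5220313d312d2d",
    "(@p1 int)SELECT name, price FROM products WHERE id = @p1",
]

# Detection signatures applied to the normalised (decoded, lower-cased) text.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b\s+(?:all\s+)?select\b"),
    # OR x=x with identical operands, quoted or not (1=1, 'a'='a')
    "tautology": re.compile(r"\bor\b\s+(['\"]?)([^'\"\s=]+)\1\s*=\s*\1\2\1"),
    "inline_comment": re.compile(r"--|/\*|\*/"),
    "stacked_statement": re.compile(r";\s*(?:drop|alter|exec|execute|xp_\w+)\b"),
}

HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)\b")
# CHAR(39)+CHAR(32)+... chains; the '+' is consumed only between two CHAR() calls
CHAR_CHAIN = re.compile(r"(?:char\(\s*\d+\s*\)(?:\s*\+\s*(?=char\())?)+", re.IGNORECASE)
PARAM_MARKER = re.compile(r"@\w+")  # SQL Server style placeholder; other engines differ


def _decode_hex(match: re.Match) -> str:
    """Turn a 0x... literal back into text when it decodes to printable ASCII."""
    digits = match.group(1)
    if len(digits) % 2:
        return match.group(0)
    try:
        text = bytes.fromhex(digits).decode("ascii")
    except UnicodeDecodeError:
        return match.group(0)
    return text if text.isprintable() else match.group(0)


def _decode_char_chain(match: re.Match) -> str:
    """Collapse CHAR(39)+CHAR(32)+... into the characters it builds."""
    codes = [int(c) for c in re.findall(r"\d+", match.group(0))]
    return "".join(chr(c) for c in codes if c < 128)


def normalise(statement: str) -> str:
    """Decode common encodings, then canonicalise whitespace and case."""
    text = HEX_LITERAL.sub(_decode_hex, statement)
    text = CHAR_CHAIN.sub(_decode_char_chain, text)
    return re.sub(r"\s+", " ", text).strip().lower()


def scan_statement(statement: str) -> dict:
    """Classify one cached statement: matched signatures and parameterisation."""
    normalised = normalise(statement)
    hits = [name for name, rx in SIGNATURES.items() if rx.search(normalised)]
    return {
        "statement": statement,
        "normalised": normalised,
        "signatures": hits,
        # A parameterised statement is cached without the bound value, so an
        # injection carried in that value is not visible in the cache text.
        "parameterised": bool(PARAM_MARKER.search(statement)),
    }


def scan_cache(entries) -> list:
    """Scan every exported cache entry."""
    return [scan_statement(e) for e in entries]


if __name__ == "__main__":
    for r in scan_cache(SAMPLE_CACHE):
        if r["signatures"]:
            label = ", ".join(r["signatures"])
        elif r["parameterised"]:
            label = "parameterised: value not in cache"
        else:
            label = "clean"
        print(f"{label:35} {r['normalised']}")
```

The hex entry decodes to the same `' OR 1=1--` payload as the plain one and trips the same signatures, which is the point of normalising before matching; the parameterised entry trips nothing at all, which illustrates why the talk treats parameterization as a limit of cache-based detection.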
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.