Using Database Caches to Detect SQL injection (SecTor 2009)


In this video Kevvie Fowler (Security Researcher and Director of Security Services, TELUS) talks about a new technique for detecting SQL injection. He starts with a basic discussion of SQL injection and explains that SQL injection is fundamentally an application problem, not a database one. He then covers the techniques already used to prevent SQL injection (intrusion detection systems, web application firewalls) and the ways attackers get around them (such as encryption and encoding).

Databases maintain a cache containing information about previous activity. By examining these caches and building signatures from the SQL syntax found in them, one can detect SQL injection. He then explains how parameterization can defeat cache-based detection (because only the final value is stored). He then discusses popular SQLi tools such as Acunetix and SQLMap (which does not use encoding) and shows how their attacks can be detected because they leave many signatures in the cache.

He then talks about a dangerous SQLi tool developed by Chinese hackers called Pangolin, which uses encoding, but even that can be detected. He then introduces a tool called Hypnosis that uses the cache-based detection scheme. The presentation ends with a demo of Hypnosis, using Pangolin as the attack tool. This area of research (cache-based SQLi detection) has not been explored much and forms the basis for future research. You can download the PDF of the talk.
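To make the cache-based idea concrete, here is an added example (written for this page, not code from the talk or from the Hypnosis tool) that runs a small, illustrative signature set over a constructed dump of cached statement text. The sample rows, the signature names and the placeholder convention (`@name`, `:name`, `?`) are all assumptions; a real deployment would pull the statement text from the DBMS's own cache views and tune the signatures to its workload. The last rows also show the two points the talk makes: a parameterized statement leaves no payload text in the cache to match, and an encoded `CHAR(0x..)` chain can still be flagged and decoded for the analyst.

```python
import re
from typing import NamedTuple

# Constructed sample of statement text, in the shape an analyst might pull from
# a DBMS statement/plan cache (e.g. the SQL text of recently cached plans).
# Every row here is invented for this example.
SAMPLE_CACHE = [
    "SELECT name, price FROM products WHERE id = 42",
    "SELECT name, price FROM products WHERE id = 42 OR 1=1--",
    "SELECT name, price FROM products WHERE id = 42 UNION SELECT login, pwd FROM accounts",
    "SELECT name, price FROM products WHERE id = @p1",          # parameterized
    "SELECT name FROM products WHERE id = 1; EXEC sp_helpdb",
    "SELECT name FROM products WHERE id = 1 AND login = CHAR(0x61)+CHAR(0x64)+CHAR(0x6d)",
]

# Signature table (dict order is the order names are reported). These are
# illustrative textbook patterns, not the signature set of Hypnosis or any tool.
SIGNATURES = {
    "tautology":          re.compile(r"\bOR\s+(\d+)\s*=\s*\1\b", re.I),
    "union_select":       re.compile(r"\bUNION\b(?:\s+ALL)?\s+SELECT\b", re.I),
    "comment_terminator": re.compile(r"--|/\*"),
    "stacked_statement":  re.compile(r";\s*(?:EXEC|EXECUTE|DECLARE|INSERT|UPDATE|DELETE|DROP)\b", re.I),
    # Encoded literals: a chain of CHAR(0x..) calls glued together with '+',
    # the kind of construction used to keep quoted strings out of the query text.
    "char_encoding":      re.compile(r"\bCHAR\s*\(\s*0x[0-9A-F]+\s*\)\s*\+\s*CHAR\s*\(", re.I),
}

# Bind-variable placeholders (@name, :name, ?). Assumption: the cache stores the
# statement with placeholders, so injected text never reaches it.
PARAM_PLACEHOLDER = re.compile(r"(?<!\w)[@:]\w+|(?<!\w)\?")

CHAR_CHAIN = re.compile(r"(?:\bCHAR\s*\(\s*0x[0-9A-F]{1,2}\s*\)\s*\+?\s*)+", re.I)
HEX_ARG = re.compile(r"0x([0-9A-F]{1,2})", re.I)


class Finding(NamedTuple):
    index: int          # position of the row in the cache dump
    statement: str      # the cached SQL text
    signatures: tuple   # names of the signatures that matched


def scan_statement(stmt: str) -> tuple:
    """Return the names of all signatures that match one cached statement."""
    return tuple(name for name, pat in SIGNATURES.items() if pat.search(stmt))


def is_parameterized(stmt: str) -> bool:
    """True if the cached text carries bind placeholders rather than literal values."""
    return PARAM_PLACEHOLDER.search(stmt) is not None


def decode_char_chains(stmt: str) -> str:
    """Rewrite CHAR(0x..)+CHAR(0x..) chains as the quoted string they build,
    so an analyst can read what an encoded value actually says."""
    def repl(m):
        text = "".join(chr(int(h, 16)) for h in HEX_ARG.findall(m.group(0)))
        return "'" + text + "'"
    return CHAR_CHAIN.sub(repl, stmt)


def scan_cache(rows) -> list:
    """Run every signature over every cached statement and collect the hits."""
    findings = []
    for i, stmt in enumerate(rows):
        hits = scan_statement(stmt)
        if hits:
            findings.append(Finding(i, stmt, hits))
    return findings


if __name__ == "__main__":
    for f in scan_cache(SAMPLE_CACHE):
        print(f"row {f.index}: {', '.join(f.signatures)}")
        print("    ", decode_char_chains(f.statement))
    # Parameterized rows carry no payload text, which is why the talk notes
    # that parameterization defeats cache-based detection.
    for i, stmt in enumerate(SAMPLE_CACHE):
        if is_parameterized(stmt) and not scan_statement(stmt):
            print(f"row {i}: parameterized, nothing to match")
```

Running it flags rows 1, 2, 4 and 5 and reports row 3 as parameterized with nothing to match. Two practical caveats follow from the design: a statement cache is finite and evicts entries, so a scan only sees what is still resident at the time it runs, and a signature list like this one is only as good as its coverage, so it belongs alongside application-side fixes (parameterized queries), not in place of them.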


Author
Prateek

Prateek Gianchandani, 20, is a student dedicated to the field of network security. He has organized a number of workshops and hacking events at his college. Learning more and more about network security always keeps him busy. His favourite pastimes include listening to music, reading novels, and playing snooker. He is currently doing a B.Tech in electrical engineering at the prestigious Indian Institute of Technology, Roorkee. You can contact him at prateek_gian [-at*] yahoo.co..in

©2007 Freak Labs