September 3, 2020 at 12:00 am
Comments posted to this topic are about the item Can You Catch SQL Injection?
September 3, 2020 at 11:59 am
On 20 August the 2020 list became available... SQL Injection is still #6 (https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html).
September 3, 2020 at 2:09 pm
The issue is that SQL injection isn't a platform vulnerability, it's a developer issue, so it's never going away.
September 3, 2020 at 3:38 pm
It's likely never going completely away, but we are getting better about writing code to avoid this and detecting it in scans.
September 3, 2020 at 8:03 pm
Hackers who leverage SQL injection are sort of like "office creepers". I suspect that they don't know exactly what they're looking for, so you're looking for activity that's out of the ordinary. So, an alert should be triggered by an Extended Events trace or monitoring solution when creepy stuff like this happens, especially when it's coming from an application service account:
"object not found"
"blocked access to procedure 'sys.xp_cmdshell'"
"SELECT * FROM %"
"SELECT % FROM INFORMATION_SCHEMA %"
https://www.aus.com/security-resources/preventing-office-creepers
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
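The detection idea in the post above, turned into runnable code as an added example (this is not code from the thread or from the article it discusses). It takes the four LIKE-style patterns the poster lists, translates them into regexes, runs them over a handful of constructed log lines in an assumed `key=value` format, and only alerts when the login is one of the assumed application service accounts, since a DBA running `SELECT *` from SSMS is routine while the web app doing it is not. The account names, log format and message texts are assumptions; in particular SQL Server's real error 208 text is "Invalid object name '...'", not "object not found", so adjust the patterns to whatever your engine and Extended Events session actually emit.

```python
import re
from dataclasses import dataclass, field

# Assumption: the monitored applications log in under these accounts.
APP_SERVICE_ACCOUNTS = {"svc_webapp", "svc_api"}

# The poster's patterns, written as SQL LIKE patterns ('%' is the wildcard).
PATTERNS = {
    "object-not-found": "object not found",
    "xp_cmdshell-blocked": "blocked access to procedure 'sys.xp_cmdshell'",
    "select-star": "SELECT * FROM %",
    "schema-enumeration": "SELECT % FROM INFORMATION_SCHEMA %",
}


def like_to_regex(like: str) -> re.Pattern:
    """Translate a LIKE pattern into a case-insensitive regex.

    '%' becomes '.*'; runs of whitespace become '\\s*' so that
    'INFORMATION_SCHEMA %' also matches 'INFORMATION_SCHEMA.TABLES'.
    Everything else is escaped literally, including '*' and quotes.
    """
    parts = []
    for token in re.split(r"(\s+|%)", like):
        if token == "%":
            parts.append(".*")
        elif token.isspace():
            parts.append(r"\s*")
        elif token:
            parts.append(re.escape(token))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


# Assumed log format: "<date> <time> login=<x> app=<y> msg=\"<text>\"".
LOG_RE = re.compile(
    r'^(?P<ts>\S+ \S+) login=(?P<login>\S+) app=(?P<app>\S+) msg="(?P<msg>.*)"$'
)


@dataclass
class Alert:
    ts: str
    login: str
    app: str
    matched: list = field(default_factory=list)
    msg: str = ""


def scan(lines, service_accounts=APP_SERVICE_ACCOUNTS):
    """Return one Alert per log line from a service account that trips any pattern."""
    compiled = {name: like_to_regex(p) for name, p in PATTERNS.items()}
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; in production, count these separately
        rec = m.groupdict()
        if rec["login"] not in service_accounts:
            continue  # humans doing ad-hoc queries are noise for this rule
        hits = [name for name, rx in compiled.items() if rx.search(rec["msg"])]
        if hits:
            alerts.append(Alert(rec["ts"], rec["login"], rec["app"], hits, rec["msg"]))
    return alerts


def triage(alerts, min_distinct=2):
    """Logins that tripped at least `min_distinct` different patterns.

    One wildcard SELECT may just be sloppy code; several different probes from
    the same service account look like someone feeling around for the schema.
    """
    seen = {}
    for a in alerts:
        seen.setdefault(a.login, set()).update(a.matched)
    return {login: sorted(p) for login, p in seen.items() if len(p) >= min_distinct}


# Constructed sample lines (not real captures); the xp_cmdshell text is the
# wording of SQL Server error 15281, the others are invented for the demo.
SAMPLE_LOG = [
    "2020-09-03 14:02:11 login=svc_webapp app=WebStore msg=\"Object not found: dbo.usrs\"",
    "2020-09-03 14:02:13 login=svc_webapp app=WebStore msg=\"SQL Server blocked access to "
    "procedure 'sys.xp_cmdshell' of component 'xp_cmdshell' because this component is "
    "turned off as part of the security configuration for this server.\"",
    "2020-09-03 14:02:15 login=svc_webapp app=WebStore msg=\"SELECT table_name FROM "
    "INFORMATION_SCHEMA.TABLES\"",
    "2020-09-03 14:02:16 login=svc_webapp app=WebStore msg=\"SELECT * FROM "
    "INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'users'\"",
    "2020-09-03 14:03:01 login=dba_jane app=SSMS msg=\"SELECT * FROM sys.dm_exec_requests\"",
    "2020-09-03 14:03:05 login=svc_api app=OrdersAPI msg=\"SELECT id, name FROM "
    "dbo.products WHERE id = @p1\"",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.login}@{a.app}: {', '.join(a.matched)} :: {a.msg[:60]}")
    print("escalate:", triage(found))
```

On the sample input the four `svc_webapp` lines each raise an alert, the DBA's `SELECT *` and the API's parameterised query do not, and `triage` flags `svc_webapp` because it hit all four patterns within seconds. Pointing `scan` at a real Extended Events or error-log export only needs `LOG_RE` adjusted to that file's layout.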