Detection of SQL injection and cross-site scripting attacks
This article discusses techniques to detect SQL Injection and Cross Site Scripting (CSS) attacks against your networks. There has been a lot of discussion on these two categories of Web-based attacks about how to carry them out, their impact, and how to prevent these attacks using better coding and design practices. However, there is not enough discussion on how these attacks can be detected.
We take the popular open-source IDS Snort, and compose regular-expression based rules for detecting these attacks. Incidentally, the default ruleset in Snort does contain signatures for detecting cross-site scripting, but these can be evaded easily.
By K. K. Mookhey and Nilesh Burghate at SecurityFocus.
[ Read more ]
- Article: An Introduction To SQL Injection Attacks For Oracle Developers (23 January 2004)
- Article: Blind SQL Injection: Are You Vulnerable? (30 September 2003)
- Article: Blindfolded SQL Injection (2 September 2003)
- Article: (more) Advanced SQL Injection (3 July 2002)