Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to the full schedule of the OWASP AppSec Research EU 2013 conference days. You’ll find the schedule for the training days at http://trainings2013.appsec.eu
View analytic
Friday, August 23 • 2:40pm - 3:10pm
An Alternative Approach for Real-Life SQLi Detection

Sign up or log in to save this to your schedule and see who's attending!

SQL injection vulnerabilities are known for at least 15 years and still belong to the highest risk category in the OWASP TOP 10 for 2013. The problem seems not to be solved yet. A web application firewall should protect vulnerable web applications against SQL injection attacks, but distinguishing malicious SQL injections from regular human input is a hard job. Inspired by libinjection, an optimized tokenizer and parser to detect SQL injections, we combined lexical analysis of user-supplied data with smart regular expression filters. As a result of this we found a new way to reduce false positives while still efficiently detecting SQL injections.

Speakers

Friday August 23, 2013 2:40pm - 3:10pm
Freiraum