Welcome to the full schedule of the OWASP AppSec Research EU 2013 conference days. You’ll find the schedule for the training days at http://trainings2013.appsec.eu
Back To Schedule
Friday, August 23 • 2:40pm - 3:10pm
An Alternative Approach for Real-Life SQLi Detection

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

SQL injection vulnerabilities are known for at least 15 years and still belong to the highest risk category in the OWASP TOP 10 for 2013. The problem seems not to be solved yet. A web application firewall should protect vulnerable web applications against SQL injection attacks, but distinguishing malicious SQL injections from regular human input is a hard job. Inspired by libinjection, an optimized tokenizer and parser to detect SQL injections, we combined lexical analysis of user-supplied data with smart regular expression filters. As a result of this we found a new way to reduce false positives while still efficiently detecting SQL injections.


Friday August 23, 2013 2:40pm - 3:10pm CEST