Analytics Story: SQL Injection
Description
Use the searches in this Analytic Story to help you detect structured query language (SQL) injection attempts characterized by long URLs that contain malicious parameters.
Why it matters
It is very common for attackers to inject SQL parameters into vulnerable web applications, which then interpret the malicious SQL statements. This Analytic Story contains a search designed to identify attempts by attackers to leverage this technique to compromise a host and gain a foothold in the target environment.
Detections
Name | Technique | Type |
---|---|---|
SQL Injection with Long URLs | Exploit Public-Facing Application | TTP |
Data Sources
Name | Platform | Sourcetype | Source |
---|
References
- https://capec.mitre.org/data/definitions/66.html
- https://www.incapsula.com/web-application-security/sql-injection.html
Source: GitHub | Version: 1