Analytics Story: SQL Injection

Date: 2017-09-19 ID: 4f6632f5-449c-4686-80df-57625f59bab3 Author: Bhavin Patel, Splunk Product: Splunk Enterprise Security

Description

Use the searches in this Analytic Story to help you detect structured query language (SQL) injection attempts characterized by long URLs that contain malicious parameters.

Why it matters

It is very common for attackers to inject SQL parameters into vulnerable web applications, which then interpret the malicious SQL statements. This Analytic Story contains a search designed to identify attempts by attackers to leverage this technique to compromise a host and gain a foothold in the target environment.

Detections

Name ▲▼	Technique ▲▼	Type ▲▼
SQL Injection with Long URLs	Exploit Public-Facing Application	TTP

Data Sources

Name ▲▼	Platform ▲▼	Sourcetype ▲▼	Source ▲▼

References

https://capec.mitre.org/data/definitions/66.html
https://www.incapsula.com/web-application-security/sql-injection.html

Source: GitHub | Version: 1