Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "10g Release 2 for Windows is available"] [Next entry: "Some Perl and problems with referral spammers"]

Nice paper by KK Mookhey and Nilesh Burghate - Detection of SQL Injection and Cross-site Scripting Attacks

I was browsing the web tonight and visited KK Mookhey's site - (broken link) Network Intelligence to see what was new and I found a paper written by KK and Nilesh in 2004 titled "Detection of SQL Injection and Cross-site Scripting Attacks". This is a great short paper that discusses creating regular-expression based rules for snort, the open source Intrusion Detection System (IDS) for SQL injection and cross site scripting attacks on web based applications. This is a quite an interesting discussion on detecting some simple things such as -- or single quotes. KK and Nilesh show how to create reg expressions including how to detect upper case and lower case and also hex equivalents. They also go deeper into metachars and how to recognise SQL Injection attempts and even looking for the keyword UNION. The paper goes on to talk about detecting CSS attacks as well. This is a great little paper, perhaps slightly date due to the more advanced ways to Inject Oracle and other databases that have been presented recently but this paper is still valid and a good attempt at looking at how a IDS free tool can be used useful against Oracle.