Characteristics of an SQL injection attack

SQL injection attacks attempt to exploit web application vulnerabilities by concatenating user input with SQL queries. If successful, these attacks can execute malicious SQL commands using the legitimate web application connection. SQL injection attacks can be difficult to identify because the individual steps of an attack, analyzed independently of the other steps, might be considered legitimate. Using threat detection analytics, Guardium identifies potential SQL injection attacks by capturing the individual steps and analyzing them as part of a single complex attack.

Typical symptoms of SQL injection attacks that Guardium identifies include:

  • An attacker trying to identify the structure of a dynamic SQL query, for example the number of columns queried
  • An unusually large quantity of new queries, specifically queries that are uniquely or unusually structured
  • Access to tables containing information about the database structure