How to look for a SQL-injection type error?

Discussion of the technology underlying the eValid solution.

Post by Devina » Mon Aug 05, 2013 5:08 pm

We're digging into the security area, and need some recommendations on how to look for a SQL-injection type error?
Devina
 
Posts: 1
Joined: Mon Aug 05, 2013 5:04 pm

Re: How to look for a SQL-injection type error?

Post by eValid » Thu Aug 15, 2013 9:57 am

When eValid is used in this role, the main additional ingredient is the description of the pattern that indicates when the specified threat is present. The patterns are usually expressed as regular expressions (REs).

Your searches with eValid DOM search commands like IndexFindElementEx will need this pattern so that your script will know what to search for. That command takes a RE as an argument.

If you are scanning a site with the built-in website scanner (spider) then you'll want to feed that RE into the Page Filter.

An excellent resource for you to use is the OWASP-produced Security Cheat Sheet. That collection shows you the REs for not only SQL-Injection but a wide variety of other types of vulnerabilities.

eValid Support
eValid
 
Posts: 2390
Joined: Tue Jan 01, 2008 12:48 pm
Location: USA
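
The pattern-based check described in the reply above, as an added example that is not part of the original thread and is not eValid or OWASP code: a Python sketch that scans a page's visible text for database error messages that leak when input breaks a query. The signature list, the function name `find_sql_errors` and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed signatures: well-known database error strings. Not the OWASP list.
SIGNATURES = {
    "MySQL": re.compile(r"You have an error in your SQL syntax", re.I),
    "SQL Server": re.compile(r"Unclosed quotation mark after the character string", re.I),
    "Oracle": re.compile(r"\bORA-\d{5}\b"),
    "PostgreSQL": re.compile(r"syntax error at or near", re.I),
    "SQLite": re.compile(r'near "[^"]*": syntax error', re.I),
}

class _TextOnly(HTMLParser):
    """Collects rendered text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def find_sql_errors(html, context=30):
    """Return (dbms, snippet) for each signature found in the page's visible text."""
    parser = _TextOnly()
    parser.feed(html)
    parser.close()
    text = " ".join(" ".join(parser.parts).split())  # collapse whitespace
    hits = []
    for dbms, pattern in SIGNATURES.items():
        for m in pattern.finditer(text):
            start, end = max(0, m.start() - context), m.end() + context
            hits.append((dbms, text[start:end]))
    return hits

# Constructed sample pages (not captured from any real site).
CLEAN_PAGE = "<html><body><h1>Results</h1><p>3 items found.</p></body></html>"
ERROR_PAGE = """<html><body><script>var s = "ORA-00933";</script>
<p>Warning: You have an error in your SQL syntax; check the manual
near ''' at line 1</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("error", ERROR_PAGE)):
        print(name, find_sql_errors(page))
```

Matching only the rendered text keeps strings inside scripts or stylesheets from raising false alarms; each regular expression in `SIGNATURES` is the kind of RE the reply says to pass to a search command or page filter.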

