Self Defending Database presented at Hacktivity 2012

by Alexander Kornbrust

Tags: Security

Summary: Many attackers on the internet use automated SQL injection tools such as Havij, Pangolin or SQLmap to extract data from databases. After the initial SQL injection vulnerability is found, it often takes only a few minutes before the attacker downloads data from the database.
Several high-profile incidents (e.g. Sony PlayStation Network) were carried out via SQL injection through vulnerable web applications and could have been avoided if downtime instead of data theft were acceptable to management.
Most organizations are unable to react in a timely manner (less than 10 minutes). Administrators or managers on duty do not have the knowledge or permission to decide whether a database should be shut down. By the time they get permission from management, the data is already gone and abused or probably published on the web.
The following talk describes how to implement a self-defending database which automatically protects against these kinds of automated SQL injection attacks. By using built-in functionality of Oracle and MSSQL, the database itself can detect SQL injection attacks and react by killing sessions or stopping the entire database.
Additionally, we will show how to identify the use of SQL injection tools against application servers from inside the database by monitoring the SQL statements that are currently being executed. This lets you find out whether bad guys are probing your application with this kind of tool (even if they are not successful).
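
A sketch of the statement-monitoring idea described above, added here as an example and not taken from the talk or from the speaker's code. The patterns, the kill threshold and the sample rows are assumptions chosen for illustration; a real deployment would read the rows from the database's own view of executing statements and tune the patterns to the application's normal workload.

```python
import re
from collections import defaultdict

# Illustrative patterns (assumptions, not the talk's signature set): constructs that
# automated injection tools emit but a fixed application workload normally does not.
PATTERNS = {
    "union_null_probe": re.compile(
        r"\bunion\s+(all\s+)?select\s+(null\s*,\s*)*null\b", re.I),
    "time_delay": re.compile(
        r"\bwaitfor\s+delay\b|\bdbms_pipe\.receive_message\b|\bdbms_lock\.sleep\b", re.I),
    "catalog_enum": re.compile(
        r"\b(all_tables|all_tab_columns|information_schema\.\w+|sysobjects)\b", re.I),
    "tautology": re.compile(r"\b(and|or)\s+(\d+)\s*=\s*\2\b", re.I),
}

# Constructed sample: (session id, db user, statement text) rows as a monitoring
# job might read them from the list of currently executing statements.
SNAPSHOT = [
    (101, "WEBAPP", "SELECT name, price FROM products WHERE id = :1"),
    (102, "WEBAPP", "SELECT name FROM products WHERE id = 7 AND 4821=4821"),
    (103, "WEBAPP", "SELECT name FROM products WHERE id = 7 "
                    "UNION ALL SELECT NULL,NULL,NULL FROM dual"),
    (103, "WEBAPP", "SELECT name FROM products WHERE id = 7 "
                    "UNION ALL SELECT table_name,NULL FROM all_tables"),
    (104, "REPORTS", "SELECT region, SUM(total) FROM orders GROUP BY region"),
]

def classify(sql_text):
    """Return the names of all patterns found in one statement."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(sql_text))

def review(snapshot, kill_threshold=2):
    """Aggregate hits per session and pick a reaction.

    One distinct indicator only raises an alert; kill_threshold or more distinct
    indicators in the same session marks it as a candidate for being killed.
    Sessions without any hit are left out of the result.
    """
    hits = defaultdict(set)
    for sid, _user, sql_text in snapshot:
        hits[sid].update(classify(sql_text))
    return {
        sid: ("kill" if len(found) >= kill_threshold else "alert", sorted(found))
        for sid, found in hits.items() if found
    }

if __name__ == "__main__":
    for sid, (action, found) in sorted(review(SNAPSHOT).items()):
        print(sid, action, found)
```

Requiring several distinct indicators before a session is killed keeps a single unusual but legitimate query from causing an outage, which is the trade-off between downtime and data theft that the summary raises.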