Database - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Database


A Context-Aware Approach to SQL Injections



 By: Brian Prince
2007-11-26
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Database story.


Rate This Article:
Poor Best
Sentrigo uses context-aware technology to detect and block SQL injection attacks in the database.

In an age of multimillion-dollar data breaches, detecting and thwarting SQL injection attacks against databases has never been more important.

However, doing that means more than analyzing applications for vulnerabilities during the development process. It also means being able to monitor and detect whats happening to a database.

Sentrigo, based in Woburn, Mass., is hoping to make its mark by bringing context-aware technology down to the database level to detect SQL injection attacks, a tactic company officials said is superior to other methods of detection.

Sentrigos product, Hedgehog, directly monitors the databases memory and examines the context from which the SQL statements originate, as well as the types of commands used and the database access privileges of the user.

Context-based detection is better than other methods for three reasons, said Sentrigo Chief Technology Officer Slavik Markovich.

"One, unlike signature-based methods, it doesnt rely on expression matching in the SQL statement itself and therefore cannot be evaded using small variations on the original exploit," he said.

Resource Library:

"Two, it is false-positive proof. If you detect, for example, a privilege grant command attempt from within a package that would have no business issuing such commands, you can know for sure it is the result of an exploit. There is simply no reason for anyone to do this for kosher reasons."

The third reason, said Markovich, is that because context-based detection uses context to determine the legitimacy of command coming from packages, it is effective against zero-day exploits.

"We dont need to know the exact SQL injection or even somewhat different hacking methodsif they target built-in packages and attempt privilege escalation we will catch it," he said.

Officials at Imperva, which competes with the smaller Sentrigo in database security, said a more holistic approach to combating SQL injections is needed, not just monitoring the database for activity at the object level. Imperva introduced profile-based detection technology known as Dynamic Profiling in 2002, which creates a model profile of every user and blocks malicious activity and policy violations by comparing user behavior to the profile.

"Impervas SecureSphere provides more effective security by protecting the database as well as all avenues for accessing the database including Web/application servers, application processing requests, the operating system and the protocols being used to transport sensitive information," said Imperva CTO Amichai Shulman.

"If any of these elements are left unmonitored and unprotected, a product is only securing the front door, while the back door is wide open, leaving data at risk."

To Shulman, monitoring database activity without any information about the application and Web side of the transaction provides only half the context necessary to make accurate decisions.

"Both halves of the equation are needed to block all attacks, while avoiding false positives and permitting legitimate usage," he said.

In an ideal world, SQL injection problems would be solved by removing the vulnerability from the Web application to begin with by using tools from companies such as Watchfire and others, said Neil MacDonald, an analyst with Gartner.

Sentrigo upgrades database security product. Click here to read more.

"What Sentrigo is talking about is not conceptually different than Web application firewalls, which can look at inbound and outbound traffic and enforce rules on what the application receives as input and what the application should send as output," he said.

"Adding context into security decisions results in better, more relevant security decisionsfor example, fewer false positives and false negatives. This trend is occurring in all aspects of information security. "

Still, analyst Eric Ogren of the Ogren Group is skeptical that an organization that will block a SQL instruction from executing based on a dynamic assessment of abhorrent behavior. Organizations need both a signature and context-based approach for effective security, he said.

"Its hard to argue with the value of signatures for predictable reactions to know security events," he said. "However, vendor signatures can never catch anything new or reflect unique business deployments. Sentrigos approach is very useful in alerting security to a problem, and the problem will be corrected with virtual patching, signature filters, or other static means."

Ogren added that there is no easy answer for database security. "It is not a defense-in-depth story; rather [it requires] an integrated approach," he said.

Check out eWEEK.coms for the latest database news, reviews and analysis.





  Reader Comments: A Context-Aware Approach to SQL Injections
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Database Articles          >>> More By Brian Prince
 


x}r㶲s\@♵M푦d[kŶ,xMT(S$IVreoВ/㩱%lݍFλ$i9cr3ݩkj΢.w߽ ![f8iTE[ ]ߤ~Am;t =4mFNHB~}@~sfwD%x_'Щѩ&€wɄZIКؕ>}~qlv .hvLIlG5tuGpnFA|QCѺQQy$pm<$Q}# QT5I ib1lp2E%$7 .mq_0/<mJa͢4-I` o$SNE ;- uvPy۬ MZ!rƒ) uK3Q8nZK}0[RFp&\ ДQCלذ 1"%hJyOՋ"}Et"Aͩ8 (J!bN3E !\J!=! g|8Jn.b? [Z&чfmٜ҅%]WcLQcL .Cuv}BzW^?]{և6LqJjhX.B2iKB0qkꛛZG_@r /*rkh 2ud8԰1nґ>âxgtA`:)ҧ!>RӚMCqRO#Gs>H2胎6mb8-" ,70}HOqI 47X(}ZcOg6/|\a֔^탉i$>6(Z\?`c VC@B뎂9{׿ޚB"QފС4aqj =*~3=w}   @l߃5#~[-[Z6x O͙A }(~9-WRC/0""D% R h4AGEBENA7gw$]Vi+RaD4T*nOu$cwV*2ڹLX)gQY,p[/)͙J2d0U Q򍜘=b`&Qea*0pRx5Vn,`oʡW鐦 2,XCtH{4l` [NHNt0iH\UNa9=熳a\9:<f335g{80q}`] k9wtݴyBSˁ2&$vTD>L˄Fr&=6=g=϶Y$tuK\w;u`漇d:Nk'hm7?>{@O-\nb4դ/4<3_O#kۖs7M ߄T 9u# \ă r}͚X 4ؐ9|&B77cnS^ʚtUU.FiJ W318 FLyG ('wJFJV !zh'>eg HlYWo%,~k%fcPouJiO_%9&ےx A-ʘŗZZG"JP>V "Cɧ8$&le6LE6pZ#nP jrIj#SVhVK^Me+ L 4 op*7`bB0 OaNcy6tAz{fl.>q *l|2ː 7q'JkX"lM M=t%<42.|O\V,'0sgеSҝa|ia;m/ eKKXQ>Om V!҇DD+ه0`,E=_GMR^ z0iTW+JIUӤck@Lf2,rGmAu،;s<}Zj\X,>9R>5 < đOT׃RUaT(j];12­q͝a&1 DR)Ö1Swhi'T'/咢TSАah"pHEAxZkhp\@U.)L-9Hz  [ hg [QznSCz+n `RI?I BL!2B3ݧ==1g匬~`" dRPZUU+òZp~W`q,(xO?b5xh/Op{/Ne6ZPz;ܦ[pK9s㓏Sp c.# ,c` $̮fG`ã R)P^Cs2](:h3 siﭢz8_n?:!/ɘVIaۂf28ʇF18= [ ٔ|{.J 5:߼=Fh=Эt;Gq;Y qLϡRB7PU ōfπiNdž m}  m_ۯ `EOwDF3۝>S"s8ߊIUfS΁MOT%0=@" c]f.g|]~oLQXGVUe@5yJ1k % =EZЋvcSLJ.]ITY)(q g@Vf2U+WkU"m=,N =X Z=4~ z|IcEi\kxk(OU?2:i1RʵRM()CoED\vOJ9 ^M lZKqXCKkp= -2j=uR/̖ K%4e%3E/-9@Xe!eO.lWJ_0]HX9H(P+ YGۻBlpI75 ),3>&L{~;Atf; {Hڝg8 ^x;,5.H˓Hݏ'R&Fø@o9)P K1CE1>dt߫]=+coZ''5a=;oF"^9 us)d}=^xsٖҽNWs5A DH·䄬W!yۭFS̠o2XGz0<㥑a3+"APK}͙b9ki.Dz=t_5g0T p- ۵}g#s}uYLPH:>X!aPHR ~tIwu .V_d@Anp+z!NU HE*e4ДKe=:)K<;iw[) 5[E_ѫſ}YVST t6~OWK0fAba+F+=ǭN:H|I NAN>os_,ĨC9r 7{KP -Mu?So2MĜykNEm {6-~=`rvGP2)bz&IZ[Ũ ݖ:`<5 :)Oz.Op|Nik'i^VӲQ6T$4%44QLNC]F+dC7g һj]nNpVHpo6_xvImK$h dgKe֊2 pkP q<+ b >ϣ#+y-EY-Vyғ;q9z])yLU9 gEuX.9Uk۾N+ttO$Zȍڑq eީӊNf|mu+ɅNo5W3kyR̵j s2fucBNj=095kѧ@ǂ n A] j9GqXx,u|S5L`]EE<.%g-;-QL.I߾&3P +=Ƃy }G7om\=eNd>HАYc=ty8#-[^:ݷ͆ؓ{Jǻoc Ǯv'ۻw}Zw[q*ApC<-L?Gfc: M"IQU֭UdU)I=Y)GG8Lb`@L6#Oځ{-3(#F-߸_2{K#7Kx=*AOO4v4 ]ekw}B%umJ+z%nwQZhr;Tʂ%%դy(IQ)"{"F%{two FuU6mt_cy‡i襶N<;曂; `!3( а5MH!qG )4T8hl?|nwcJljl 41Qh9o٦h "a' FYOC,' p$|#؈O_Oo*NƊ f™+ꈧ Wך|ebƚKKLBI|pIM{fr+ 7EAn˸!E%ÖdN._2Zl뎟2d]nLJ`$vX{3G)ie_3LBw\{d 9ZxXc ߤ5>m]:GʾZMCCb 5c%];")i9蓐BWBỺ1m,W$Jě)y89R u // ˕ j=yeīp[v5C01E ?bZ:inp'w`Ŗ(,x1p]w+Iٛǀ5ɂ 9p.€byf.`XYVZ4ÏLg=Pg@È-=[X~+ FםF*ԦHf[$m5#]*K0-q] Jv&3Po>Ձ] t`$00+1>;/UKVN?0sI"A@D"  Q.`FF4%WF<1nlsÊ mnIU%6}-g)ן@96WRT&tc6dvkŖt$X'N:m_ו7@HW#26ͲNu"WDgS\OPʦZ~:j`WL<<:ίmmҍO[4X;^//#u MDla3xKPme4ÃtMm3kÎw(8?קrMԝY-[@9!D $n+Sf/EX=5y-~`>\y e`ܸ:wi%=}Vx,{XN9w'ˇk+ ped-s=LC̦ -@ D#A@!ؗIMqmnZ=Y+1%amFo*ȍtb>^vG%ˁoleU!"I^$ޏ!|—%QruY 9ÊyI>A^Yñ 暂e19cʮGXY37ZIy@]u sLVHb_@>X*7@AZ@9z &cuaً)M}jwTU)HC¸ʹqzގimަ Q6}7Z\`'q ^:Ya8͍&E)3y'Н;C Bg؁x4`*Z\r.3.Y$)φW*Jܚstzm)7,}M\"W{|K ߁s:\Ϝ 4@3MqP!Τiygf5Nmcy6S7ZxM_ o&`zljVs8T#y=Uֿ忍}:uR6y,徯Gjp,Ɖu)f{c~BP2o2@44kI/NI&8ǦpGFh 8eYXYƓ@FyDR ,m$%=D/].ޮb>ܹF&?X _ 7/K{~i :Y}KEȼ ti;hOҷf>#b1DKb@/jʐ]LL@ aWDEM͆xq{06#D"ڜ>3-yM13цX50~fBܑyVy ;k+mLtV8Ow| e޼vwO %YՉJF[ mݹ]h!5&xڢ#2{n JԲ#@8);= ?_3$UXOmt{JoV!!_/ժsZ>s5˪p8ˁUC-#9x ķq/}ZpY$XkO:Vga^N0wRʥz5y[9i<Žw&ELF)erO}TK[RJH`o2o)O,q'a- <z1W-vgqMvѠjW嗎h@dَ0K{EMF^[C5XtęO}NLUtMЭT2^@/ֹ3B;w^?r}sι}?raeYye 66Ƕlva|Duv7H tNtGw,}@8n`a8TJ o J}J0'7ZeU!TPRֿ|Ɉֲs%,vz 4F| EI)<1^+@ZBB(YYv' o.'>Wov/>VHՕݷod}extJ"Fr[-ei`D鈎&}q^8EG :ᛒWZ-UF/|T3/b#-Ѩ#>I-11K= o~{@\q 81q, Ye)+փފ> rF@YfOGP56D:noퟑZsrپ靷u=<swB&#x=gS]\ hs>z(4o!'vq]Q s,a]ąي_r!̆\oX|J71>B$!ioF˞0%s~! gL-G DBĴ"c)41GJ[!1}ɹcMN퓔pxXҚ0! YC) \ߊ-6"))ĴF#1C3꼆͈)iAY8}|v[/ T6CĊ1gOiX$_@1JB Q tR?t]\VP*@H>S|??~eKM)Qw3a/xQ3SN\<7Yef xpx} 5tHM< 2BvkQ.閣FMQpV#ߛ~Sg8 XKWHmݜ(8z1I)t#K/Hzsp򍵡&H@PbJ])IdR|:PJ|+R0cU+_cPw^7DKz+YT( I+;}^hh t0 c3brOtvcٺ:LNפENmx;\;Kr>(lkEߢֳQQqi}uݹhL湾,Ǜ,# rzٺh3;eFq(M1B*rKxu< /%Lqx&0̟D~D(/& ƕ^-ӄ-xecޤurr|j%6N#g5^L#ǮuƫN8mzVZ+!(8iz67a\nq4ħyOB32[E9yNPsN/PKN5_/?nrʻP)GN/?sʏx})4>r#\_~)4:;'f$g:9NN?r?C<^h3>E">"@\9_^E^ ?唟AYN?9P~S{3 ?9s w3~]7]?/WW9q_ s?=__P>'(W}Sn&&oonr/=IR<9k]T(RhK "S^9,.Os'{'sg#q$]a芫-5nk ǤZuv^_BKHe^ٛLGP/<,Y}Mʱ 4rk 7[yDYII{2}tEi>r𞫫i@Lwe<_[nNJ>s\ȜHǣWɴVی 9|,y|8SNt71 }^1 B8 v @9z_EwMw[0/:)7.p{Zӛ\ڎwڝGf{ueeDb;w6 K췡^ţu.T+6:7q3[ ňàs H? }U?f6cB&Hu>j}hl(O>*8z:I<w RK,^ ,>xO15EL=#jhN_i{@$?# RfCZִZjVU 'Hd6##"(txo5ɪ"+uw9 8]V*r `" *s>P`24UF` Ԋz!OJ1=4`­tK_cwp EЧc /)v̆#˘Q͛YH~æJጽNѯDʑ $1` HLBOsgq=u]  YI 4,XA0|YǤi!#lɒ]k"bؖ"['mgS&L; ,E~f&g- ĠG8О#c7B~ 22Sb7q]^:&23U{6o\xT "esESB` ,j?=[nb橵U$7OS ɝErby063OH> N#V}># Ⱦ8ty9e"r*xw么p2 {Aֆ`:}냴3h^jIe-L&$C(93 3_%w.'"Ur;*1@u$b V$G3x7X%05:%xbQf72ml@P] -^L ?}S6dm*[20tgG|םHZqwfhė_1xh+#/$`ƨ49o-*hBNy/@hEa'R1<zH|c,XoOT*L[ |qK:AN$Kd/-YݨoˊLsӃ(3R^◓M K7 J,݈SAQ6+yJ>? T|- 5\6$DR }J0yN:mv8A9DEPީ!/[v2R*4%NSЌxoNEy?ĵ M؆;q^'d9f7o#+nv˧Tg7>5ك|2p6g!(ĉ0ϋz 9@/7A{} r@c],1ngo`SCl .7'.O]& xWa! e;1KMP`O3M|B p#Q*Ү^x9Na^ۺ+AўXm0o6`/#]^$c`WH؂{Xi[1RpCV)tO=㋰AVt3#W5`/=2H]k6qS`hwq#ƫ1ucVBR(at!L?U1?c5VIٶ7G,cݰ Qa[:6 n ۊ uy˷DM\7'me#FP1M)?&Il} ra|X ^|޹+o=ȉe6뙣\g0^n,eH}+qd.GDI Ik.-wvua4,Lb9"[^'QI 8VRжX3e"@a)5dBLN7 S 3pRaL (b[иxTL+ 52lt* X*!Ko[G%IDb$8ґCA؞BJ>e3C7Dn0Br= d[Hօuv\j/cY4~1<99.@OI"cXM1}a`|1GtƙW.rW?a%P|^khYi/.:xH%D}Sw= ɳaFK;O(Uƥp?XQ|=^'`gh-/=jD*(Ksӽ>igA0|Us!]uM+_0ZF-<#DYfCժZ-Nj|ۊ#iQg8&rYOr};7 D^4†mJPU&s)c MW\h\)MCS9U/;V&|&Z2c{͵N_ l)