Detect SQL Injection (SQLi) and XSS

LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.

LibInjection-Detect-SQL-Injection-SQLi-and-Cross-Site-Scripting-XSS.png

SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. LibInjection is a new open-source C library that detects SQLi using lexical analysis. With little upfront knowledge of what SQLi is, the algorithm has been trained on tens of thousands of real SQLi attacks and hundreds of millions of user inputs taken from a Top 50 website for high precision and accuracy.

In addition, the algorithm categorizes SQLi attacks and provides templates for new attacks or new fuzzing algorithms.

LibInjection currently supports:

  • C and C++
  • PHP
  • Python
  • Lua
  • Java (external port)
  • [LuaJIT/FFI]

LibInjection is available for integration into applications, web application firewalls, or porting to other programming languages.

You can read more on LibInjection here.

Check Also

Whispers: A Powerful Static Code Analysis Tool for Credential Detection

“My little birds are everywhere, even in the North, they whisper to me the strangest …

Identifying harmful activity on your captured traffic

This Python script utilises Wireshark or TCPdump to analyse network traffic stored in a specified …

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading