Can You Find SQL Injection Vulnerabilities with Spirent Avalanche NEXT?
An odd idea struck me while watching the Avalanche NEXT presentation during Networking Tech Field Day – they have a fuzzing module that you can use to test whether your servers and applications survive all sorts of crazy illegal requests. Could that be used to detect SQL injection vulnerabilities in your web apps?
It seems the answer is YES (at least based on the answers they gave during the presentation), but it would be nice to have a more definitive one. Comments most welcome.
Watch the videos
To learn more about Avalanche NEXT, watch the NFD6 videos: overview presentation and demo (with loads of geek fun).
Spirent was a sponsor of Networking Tech Field Day 6.
There is some OWASP advice for preventing this kind of attack: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
It basically talks about using prepared queries (avoiding dynamic queries), using stored procedures to detect abnormal updates, being wary of escaped characters, ... You can also look at other tools such as GreenSQL, which is a database firewall with SQL injection prevention features: http://www.greensql.com/, or use a web application firewall with SQL injection signatures plus signatures for some other attack types, and use an integrity monitor on databases, an approach along the same lines as file integrity checkers but with database data.
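The question in the post and the prepared-query advice in the comment can be tried together in a small test harness. This is an added example, not code from the post, the commenter or Spirent: it assumes an in-memory SQLite database as a stand-in for the application database, and the function names and input list are hypothetical. It feeds malformed but harmless values to a dynamic query and to a prepared query and records which inputs surface as database errors.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), ("o'brien",)])
    return db

def lookup_dynamic(db, name):
    # Dynamic query: the input is concatenated into the SQL text.
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_prepared(db, name):
    # Prepared query: the input is bound as data and never parsed as SQL.
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

# Constructed inputs of the kind a fuzzer generates: stray quotes, comment
# markers, oversized strings, plus one legitimate name containing a quote.
FUZZ_INPUTS = ["'", "''", "a'b", "--", "x" * 10000, "o'brien"]

def fuzz(lookup):
    """Return (input, error type) for every input that raises a database error.

    A SQL error triggered purely by the input value means the value reached
    the SQL parser, which marks the query as a likely injection point.
    """
    db = make_db()
    findings = []
    for value in FUZZ_INPUTS:
        try:
            lookup(db, value)
        except sqlite3.Error as exc:
            findings.append((value, type(exc).__name__))
    return findings

if __name__ == "__main__":
    for label, fn in (("dynamic", lookup_dynamic), ("prepared", lookup_prepared)):
        # Truncate long inputs so the report stays readable.
        print(label, [(v[:12], e) for v, e in fuzz(fn)])
```

Inputs that happen to leave the quotes balanced (`''`, `--`) raise no error, so a clean fuzz run on its own does not show that a query is safe.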