cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

DAM Use case 3: Database Protection – SQL Injection Scenario

Database Protection – SQL Injection Scenario


Unusual amount of Sensitive Data is Accessed.


Prerequisite:

Installation of the McAfee DAM Sensor at the Database.

Database monitoring configuration

Monitor SQL injection attack

Monitor every selected query that is going to the database and also the response of the query.


Scenario:

We need to simulate this scenario:

  1.   External Hacker spider the web application using well known easy hacking tools, when he succeeds to get in then. 
  2.   Finds a SQL injection flaw and injects code (malicious data) in the database
  3.   Waits for legitimate user select through the application certain records in his database, now has abnormal link back to a malicious website, when he clicking on the website he is clicking on his own data which has been manipulated and it is good to make harmful things. 
  4.   Now the legitimate user access code using browser
  5.   Browser executes malicious code.

McAfee DAM monitors the SQL injection and sends an alert.

Note: If you want to monitor SQL injection attack you have to be able to monitor every selecting query that is going to the database and also the response of the query.

DAM3.png

Note: It is highly recommended to create a correlation rule at the McAfee ESM to detect the SQL injection and if there is McAfee IPS behind the firewall we can also do automatic block for the attack immediately and add the IP address to the black list of the Sensor.

1 Reply
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: DAM Use case 3: Database Protection – SQL Injection Scenario

Hello,

It could be helpful:

https://kc.mcafee.com/corporate/index?page=content&id=KB89299

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community