0 Replies Latest reply on May 16, 2016 3:32 PM by yassinezeroual

    DAM Use case 3: Database Protection – SQL Injection Scenario

    yassinezeroual

      Database Protection – SQL Injection Scenario


      An unusual amount of sensitive data is accessed.


      Prerequisite:

      Installation of the McAfee DAM Sensor at the Database.

      Database monitoring configuration

      Monitor SQL injection attacks

      Monitor every select query going to the database, and also the response to the query.


      Scenario:

      We need to simulate this scenario:

      1.   An external hacker spiders the web application using well-known, easy-to-use hacking tools and succeeds in getting in.
      2.   He finds a SQL injection flaw and injects code (malicious data) into the database.
      3.   He waits for a legitimate user to select certain records in the database through the application. Those records now contain an abnormal link back to a malicious website; when the user clicks on it, he is clicking on his own data, which has been manipulated and can be used to do harmful things.
      4.   The legitimate user now accesses the code using the browser.
      5.   The browser executes the malicious code.

       

      McAfee DAM monitors the SQL injection and sends an alert.

      Note: To monitor SQL injection attacks, you must be able to monitor every select query going to the database and also the response to the query.

       


       

      Note: It is highly recommended to create a correlation rule in McAfee ESM to detect the SQL injection. If there is a McAfee IPS behind the firewall, the attack can also be blocked automatically and immediately, and the IP address added to the blacklist of the Sensor.
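
The reason both the select query and its response have to be monitored, shown as an added example that is not part of the original post and is not McAfee DAM or ESM rule syntax. The event layout, rule names, allowlisted host and row-count baseline are assumptions, and the sample events are constructed. Event 3 is a clean query whose response carries the planted link from step 3, so only response inspection catches it.

```python
import re

# Statement-side heuristics: common SQL injection shapes (illustrative, not exhaustive).
STATEMENT_RULES = {
    "tautology": re.compile(r"\bor\b\s+'?(\w+)'?\s*=\s*'?\1\b", re.I),
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    "stacked_statement": re.compile(r";\s*(insert|update|delete|drop|alter)\b", re.I),
    "trailing_comment": re.compile(r"(--|/\*)\s*$"),
}
# Response-side heuristics: active content or off-site links inside returned rows.
# ALLOWED_HOST is a hypothetical allowlist entry for links the application stores legitimately.
ALLOWED_HOST = r"intranet\.example"
RESPONSE_RULES = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "offsite_link": re.compile(r"href\s*=\s*['\"]?https?://(?!" + ALLOWED_HOST + r"\b)", re.I),
}

def inspect_event(event, typical_rows=50, factor=10):
    """Return the sorted rule names that fired for one monitored query and its response."""
    hits = {f"stmt:{name}" for name, rx in STATEMENT_RULES.items() if rx.search(event["statement"])}
    for row in event["rows"]:
        hits |= {f"resp:{name}" for name, rx in RESPONSE_RULES.items() if rx.search(row)}
    # Assumed baseline: this account normally reads about typical_rows rows per query.
    if event["row_count"] > typical_rows * factor:
        hits.add("volume:unusual_row_count")
    return sorted(hits)

def alerts(events):
    """Map event id -> fired rules, keeping only events that triggered something."""
    return {e["id"]: h for e in events if (h := inspect_event(e))}

# Constructed sample events (not real sensor output).
SAMPLE_EVENTS = [
    {"id": 1, "statement": "SELECT name, comment FROM feedback WHERE id = 42",
     "rows": ["Alice|Great service"], "row_count": 1},
    {"id": 2, "statement": "SELECT name, email FROM customers WHERE name = '' OR '1'='1' --",
     "rows": ["Alice|alice@corp.example"], "row_count": 12000},
    {"id": 3, "statement": "SELECT name, comment FROM feedback WHERE id = 43",
     "rows": ['Bob|<a href="http://malicious.example/x">details</a>'], "row_count": 1},
]

if __name__ == "__main__":
    for event_id, fired in alerts(SAMPLE_EVENTS).items():
        print(event_id, fired)
```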