2012-07-25

libinjection: a C library for SQLi detection and generation through lexical analysis of real world attacks.

See the libinjection project page for more details.

First presented Wednesday, July 25, 2012 at Black Hat USA, Las Vegas,
NV. Augustus I/II at 2:45pm.



Original Abstract

SQLi and other injection attacks remain the top OWASP and CERT
vulnerability. Current detection attempts frequently involve a myriad
of regular expressions which are not only brittle and error-prone but
also proven by Hansen and Patterson at Black Hat 2005 to never be a
complete solution. libinjection is a new open source C library that
detects SQLi using lexical analysis. With little upfront knowledge of
what SQLi is, the algorithm has been trained on tens of thousands of
real SQLi attacks and hundreds of millions of user inputs taken from a
Top 50 website for high precision and accuracy. In addition, the
algorithm categorizes SQLi attacks and provides templates for new
attacks or new fuzzing algorithms. libinjection is available now on
GitHub for integration into applications, web application firewalls,
or porting to other programming languages.
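
The lexical approach the abstract contrasts with regular expressions, as an added sketch that is not libinjection's code: input is reduced to one type character per token, and the resulting fingerprint is looked up in a set of known-bad fingerprints. The token classes, the word lists, the three fingerprints and the function names `fingerprint` and `looks_like_sqli` are assumptions constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed tables for illustration; not libinjection's data. */
static const char *LOGIC[] = {"or", "and", NULL};
static const char *KEYWORDS[] = {"select", "from", "where", NULL};
static const char *SQLI_FINGERPRINTS[] = {"1&1o1", "1&sos", "1Uknk", NULL};

static int in_list(const char **list, const char *w) {
    while (*list) if (strcmp(*list++, w) == 0) return 1;
    return 0;
}

/* One type character per token, first 5 tokens only. */
void fingerprint(const char *s, char fp[6]) {
    size_t n = 0;
    while (*s && n < 5) {
        unsigned char c = (unsigned char)*s;
        if (isspace(c)) { s++; continue; }
        if (isdigit(c)) {                       /* number */
            while (isdigit((unsigned char)*s)) s++;
            fp[n++] = '1';
        } else if (c == '\'') {                 /* string, possibly unterminated */
            for (s++; *s && *s != '\''; s++) {}
            if (*s) s++;
            fp[n++] = 's';
        } else if (isalpha(c) || c == '_') {    /* word: lower-case, then classify */
            char w[32] = {0}; size_t k = 0;
            for (; isalnum((unsigned char)*s) || *s == '_'; s++)
                if (k < sizeof w - 1) w[k++] = (char)tolower((unsigned char)*s);
            fp[n++] = strcmp(w, "union") == 0 ? 'U' : in_list(LOGIC, w) ? '&'
                    : in_list(KEYWORDS, w) ? 'k' : 'n';
        } else {                                /* anything else: operator */
            fp[n++] = 'o'; s++;
        }
    }
    fp[n] = '\0';
}

int looks_like_sqli(const char *s) {
    char fp[6];
    fingerprint(s, fp);
    return in_list(SQLI_FINGERPRINTS, fp);
}

int main(void) {
    printf("%d %d\n", looks_like_sqli("1 OR 1=1"), looks_like_sqli("1 or 2 pizzas"));
    return 0;
}
```

Ordinary inputs such as `1 or 2 pizzas` and `O'Reilly` contain the word "or" or a quote, which a keyword regex would flag, but their token sequences do not match any fingerprint in the set.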

Nice shoutout from Veracode's blog on what to see at Black Hat 2012:

“Libinjection: A C library for SQLi Detection and Generation Through
Lexical Analysis of Real World Attacks”. Comments: “Although there’s
been some nifty research in mitigation and prevention of SQL
injection at the language/compiler/API level, there’s been a strong
tendency for people to publish a PoC and let it languish. The
description appears to be aimed straight at app developers, which is
great.”
