libinjection

libinjection is a C library that detects SQLi attacks in user input. It is designed to be embedded in existing or new applications:

  • Fast > 100k inspections per second
  • No memory allocation
  • No threads
  • Stable memory usage (approximately 500 bytes on stack)
  • 500 lines of C code (plus a few kiobytes of data)

It is based on lexical analysis of SQL and SQLi attempts and does not use regular expressions.

A python port is planned and ports to other languages should not be difficult.

Source Code

https://github.com/client9/libinjection

License: BSD

Presentations

libinjection and SQLi Obfuscation

First presented at OWASP NYC at DTCC’s headquarters at 55 Water Street in NYC on September 20, 2012.

libinjection: New Techniques for Detecting SQLi Attacks

First presented at iSEC Partners Open Forum, at Gilt Group headquarters in New York City on September 6, 2012

libinjection: a C library for SQLi detection and generation through lexical analysis of real world attacks

First presented at Black Hat USA, July 25, 2012, 2:45 PM

New techniques in SQL Obfuscation: SQL never before used in SQLi

Research based on libjection, first presentated at DefCon 20, July 27, 2012, 4:20pm

More More More

Code-coverage report coming soon.

Elsewhere

On reddit