LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
2021-05-07 23:49:00 Author: www.darknet.org.uk(查看原文) 阅读量:172 收藏

Navigation



Last updated: May 7, 2021 | 33 views


LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.

LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)

SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. LibInjection is a new open-source C library that detects SQLi using lexical analysis. With little upfront knowledge of what SQLi is, the algorithm has been trained on tens of thousands of real SQLi attacks and hundreds of millions of user inputs taken from a Top 50 website for high precision and accuracy.

In addition, the algorithm categorizes SQLi attacks and provides templates for new attacks or new fuzzing algorithms.

LibInjection currently supports:

  • C and C++
  • PHP
  • Python
  • Lua
  • Java (external port)
  • [LuaJIT/FFI]

LibInjection is available for integration into applications, web application firewalls, or porting to other programming languages.

You can download LibInjection here:

Or read more here.

Posted in: Countermeasures

Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.

May 7, 2021 - 6 Shares

Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.

April 19, 2021 - 165 Shares

APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.

March 5, 2021 - 192 Shares

GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc

February 3, 2021 - 123 Shares

GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process

January 1, 2021 - 161 Shares

zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.

December 7, 2020 - 228 Shares



文章来源: https://www.darknet.org.uk/2021/05/libinjection-detect-sql-injection-sqli-and-cross-site-scripting-xss/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
如有侵权请联系:admin#unsafe.sh