How does one tell the difference in code between SQL, Cross-site, XML and LDAP injections? By looking at the logs, what are the key differences that make each attack stand out, and how do you differentiate them based on quotes and log reading?
-
Differences in code between SQL, Cross-Site, XML, LDAP injections
-
I would say from the "logging" side of things. The attack you see in logs from these different types would be spotting: 1. the target, 2. the request being made, and other anomalies like weird time access or how often in a given period of time. Also you're looking for access denied and credentials presented.
A SQL injection attack would target a SQL server. The request would be outside of the normal requests seen by users who may not normally be making those types of requests...and what data was being accessed.
Cordially,
Ronnie Wong
Edutainer Manager, ITProTV
*If the post above has answered the question, please mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV.
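
The following is an added example, not part of the original reply: it decodes the query parameters in access-log lines and tags each value with the injection family whose characteristic characters it carries, counted per client. The regex markers are illustrative heuristics, and the log lines, paths and IP addresses are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qsl

# Heuristic markers per injection family (illustrative assumptions, not exhaustive).
SIGNATURES = {
    "sql":  re.compile(r"'\s*(or|and)\b|\bunion\b.+\bselect\b|'\s*(;|--)", re.I),
    "xss":  re.compile(r"<\s*script\b|<[^>]*\bon\w+\s*=|javascript:", re.I),
    "xml":  re.compile(r"<!\s*(doctype|entity)\b|<!\[cdata\[", re.I),
    "ldap": re.compile(r"\*\)\s*\(|\)\s*\(\s*[|&]|\(\s*[|&]\s*\("),
}
# Client IP and request target from a common/combined-format access-log line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*"')

def classify(value):
    """Return the families whose markers appear in one decoded parameter value."""
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]

def scan(lines):
    """Count suspected injection attempts per client IP and family."""
    hits = defaultdict(Counter)
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl percent-decodes, so encoded quotes and brackets are seen.
        for _key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            for family in classify(value):
                hits[client][family] += 1
    return hits

# Constructed access-log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /items?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /import?doc=%3C%21DOCTYPE%20a%20%5B%3C%21ENTITY%20e%20%22x%22%3E%5D%3E HTTP/1.1" 400 120',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /dir?user=%2A%29%28uid%3D%2A HTTP/1.1" 403 98',
    '192.0.2.4 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=rock+and+roll HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    for client, families in scan(SAMPLE).items():
        print(client, dict(families))
```

Request bodies are usually absent from access logs, so XML payloads sent by POST would need application or WAF logs as the input instead.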