Web Application Threats: SQL Injection

with Log & Event Manager


Fully functional for 30 days

Every day, Web applications are targeted by SQL injection attacks

Data loss

Accessing intellectual property, financial records, and customer lists are often the main objective of these SQL injection attacks.

Stolen credentials

An inserted query hits the jackpot when it successfully retrieves a list of users and passwords.

Damaged reputation

Public notification of lost records is required in most cases, and this negative press can adversely impact business performance.

SolarWinds Log & Event Manager is a powerful SIEM, and able to help identify SQL injection attempts

  1. Scan Web Server logs for signs of SQL injection

    SolarWinds® Log & Event Manager includes a pre-built SQL injection rule designed to detect and stop these attacks. The rule uses a pre-populated list of vectors commonly found in both cross-site scripting and SQL injection attacks. When these vectors appear in Web application logs, LEM can alert and respond in real-time by disabling a user or stopping a process.

    Watch now Read more Try Log & Event Manager for free

  2. Monitor database error rates for signs of an attack

    As attackers attempt to navigate your SQL environments, they nearly always generate SQL errors. Identifying these errors is the best way to detect an attack while it is happening. Another symptom of a potential SQL injection attempt is a reference to system tables. It is unlikely that attackers will know the names of tables, columns, functions, and views. Examples of these system table references in PostgreSQL™ are pg_table, pg_schema, or pg_stat_activity. LEM can alert on both an unusual number of SQL errors or on system table references made by non-whitelisted accounts.

    Watch now Watch more Try Log & Event Manager for free

  3. Flag unusually high offset value

    The information an attacker can retrieve is often limited to a single row per query due to the limitations of the original query. Consequently, monitoring for an unusually high offset can help identify a SQL injection attack. For example, if an attacker changes "LIMIT 1 OFFSET 1" to "OFFSET 1000," LEM can help with the review process.

    Watch now Read more Try Log & Event Manager for free

Receive Actionable Data With a Powerful SIEM

Log & Event Manager Starts at $4495

  • Automate key compliance reports for HIPAA, SOX, NCUA, STIG, GLBA, PCI, NERC and more
  • Real-time and forensic data is automatically refined, visualized, and organized
  • Automated response to detected security threats with no scripting

or Learn more

Fully functional for 30 days

Let's talk it over

Call us at 866.530.8100

Email us at Sales@SolarWinds.com