WOBURN, Mass. -- Sentrigo, Inc., an innovator in database security software, today announced that it has added patent-pending functionality to its Hedgehog software to address SQL injection in database built-in packages, a technique often used for privilege escalation. This database hacking technique can be used in a variety of ways, many of which are particularly difficult to detect. Hedgehog, which directly monitors the database's memory, is the first product to examine the context from which SQL statements originate, the types of commands used and the database access privileges of the user. In this manner, Hedgehog is able to identify SQL injections that are missed by tools that only track signatures of known injections.
"Putting a stop to SQL injections is a substantial challenge for database administrators and IT security professionals alike, who can use existing security products to combat attacks using known SQL patterns, but are essentially without a defense against attacks that use new vectors and exploit vulnerabilities," said Slavik Markovich, chief technology officer at Sentrigo. "We've enhanced Hedgehog to provide it with unique capabilities that allow it to recognize the intended effect of the SQL injection, such as privilege escalation, without depending on analysis of the way SQL statements are written."
Context-Based SQL Injection Detection
Current methods to combat SQL injection are able to stop some types of intrusions, but are based on signatures or expression matching in SQL statements, methods that can easily be evaded or bypassed by intruders. SQL injections in packages make up a large percentage of critical database exploits published in recent years.
Hedgehog is the first product that detects SQL injections based on the context of actions in the database, an approach made possible by the unique visibility Hedgehog has into granular database activity, including the actions run by packages, triggers and stored procedures. When a database package initiates a command that is incongruent with its intended use, and the package is declared with the definer rights of a privileged user (for example, a GRANT command coming from a SYS-owned package), this can only be the result of unlawful manipulation through SQL injection. Hedgehog uses pre-defined rules to address such attack vectors for built-in packages, and similar rules can be created by Hedgehog administrators for their own custom-written stored procedures.
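As an added illustration of the context-based rule described above (example code written for this page, not Sentrigo's or Hedgehog's), the Python check below flags a privilege-changing command issued from a definer-rights package owned by a privileged schema on behalf of a non-privileged caller, without matching any payload pattern. The event fields, the placeholder package names and the exemption for privileged sessions are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class PackageStatement:
    """One statement observed executing from inside a database package.
    The field set is an assumption for this illustration, not Hedgehog's schema."""
    package: str          # package that issued the statement (constructed names below)
    owner: str            # schema that owns the package
    definer_rights: bool  # True when the package runs with its owner's privileges
    session_user: str     # user whose session invoked the package
    sql: str              # the statement text as issued by the package

# Commands that change privileges. Only the command type is classified here;
# no pattern for how an injected payload is written is used.
PRIVILEGE_CHANGING = re.compile(
    r"^\s*(GRANT|REVOKE|ALTER\s+USER|CREATE\s+USER|DROP\s+USER)\b", re.IGNORECASE)
PRIVILEGED_OWNERS = {"SYS", "SYSTEM"}

def _strip_leading_comments(sql: str) -> str:
    """Remove leading /* */ and -- comments so they cannot hide the command keyword."""
    return re.sub(r"^(\s*(/\*.*?\*/|--[^\n]*\n?))*", "", sql, flags=re.DOTALL).lstrip()

def is_suspicious(stmt: PackageStatement) -> bool:
    """Context rule from the text: a privilege-changing command issued by a
    definer-rights package owned by a privileged schema, while the invoking
    session is not itself privileged, is incongruent with the package's purpose."""
    if not stmt.definer_rights or stmt.owner.upper() not in PRIVILEGED_OWNERS:
        return False
    if stmt.session_user.upper() in PRIVILEGED_OWNERS:
        return False  # assumption: a privileged session doing this is administration
    return PRIVILEGE_CHANGING.match(_strip_leading_comments(stmt.sql)) is not None

def flag_statements(events):
    """Return the subset of observed statements the context rule flags."""
    return [e for e in events if is_suspicious(e)]

# Constructed sample events; package names are placeholders, not real packages.
SAMPLE_EVENTS = [
    PackageStatement("SYS.PKG_EXAMPLE", "SYS", True, "SCOTT", "SELECT 1 FROM DUAL"),
    PackageStatement("SYS.PKG_EXAMPLE", "SYS", True, "SCOTT", "/*x*/ grant dba to scott"),
    PackageStatement("SYS.PKG_EXAMPLE", "SYS", True, "SYS", "GRANT SELECT ON t TO scott"),
    PackageStatement("SCOTT.PKG_MINE", "SCOTT", False, "SCOTT", "GRANT SELECT ON t TO hr"),
]

if __name__ == "__main__":
    for e in flag_statements(SAMPLE_EVENTS):
        print(f"FLAGGED {e.package} invoked by {e.session_user}: {e.sql}")
```

Only the second sample event is flagged: the same package issuing a SELECT, a SYS session issuing a GRANT directly, and a GRANT from a user-owned invoker-rights package are all left alone.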