Hi Team,
In my production environment on DAM, I have SQL injection policies in place: in one policy I use the default parameters, and in another policy I have created a dictionary regex and added some parameters. But in production, as per the DB admin, the SQL injection reports are not helpful.
Can you help me with some patterns or best practices to improve my generic dictionary group so that I get genuine reports? One more thing: if an attack is identified, how can I get the query sent by the attacker? (Please note that I have added the parsed query and raw query to the reports, but I don't know why the DB admin isn't satisfied with the information provided under these columns.)
Pattern added in generic dictionary group:
part="query",rgxp="(?i)\b(union(\s+all)?\s+select\b|or\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+|and\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+|xp_cmdshell|dbms_lock\.sleep|sleep\(\d+\)|benchmark\(\d+,\s*\w+\)|--|#|/\*)"
Please help with some inputs
TIA
#DatabaseActivityMonitoring
------------------------------
Mohammad Musaib Rather
-------------
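
One way to measure why a pattern like the one posted above produces unhelpful reports is to run it over labelled sample queries and list what it flags wrongly and what it misses. This is an added example, not part of the original post or of any DAM product; it assumes the DAM's regex engine behaves like Python's `re`, and every sample query is constructed.

```python
import re

# The pattern from the post (assumption: the DAM engine matches it like Python's re).
PATTERN = re.compile(
    r"(?i)\b(union(\s+all)?\s+select\b|or\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+"
    r"|and\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+|xp_cmdshell|dbms_lock\.sleep"
    r"|sleep\(\d+\)|benchmark\(\d+,\s*\w+\)|--|#|/\*)"
)

# Constructed samples: (label, is_injection_shaped, sql)
SAMPLES = [
    ("tautology", True,
     "SELECT * FROM users WHERE name = '' OR 1=1"),
    ("union-injection", True,
     "SELECT name FROM products WHERE id = 1 UNION SELECT password FROM users"),
    ("comment-truncation", True,
     "SELECT * FROM users WHERE name = 'admin' -- ' AND pw = ''"),
    ("report-union", False,
     "SELECT id FROM orders_2023 UNION ALL SELECT id FROM orders_2024"),
    ("oracle-session", False,
     "SELECT sid, serial# FROM v$session WHERE username = 'APP'"),
    ("plain-lookup", False,
     "SELECT name FROM customers WHERE id = 42"),
]


def evaluate(samples=SAMPLES):
    """Return (false_positives, false_negatives) for the pattern.

    false_positives: [(label, matched_text)] for benign queries that were flagged.
    false_negatives: [label] for injection-shaped queries that were not flagged.
    """
    fps, fns = [], []
    for label, is_injection, sql in samples:
        hit = PATTERN.search(sql)
        if hit and not is_injection:
            fps.append((label, hit.group(1)))
        elif not hit and is_injection:
            fns.append(label)
    return fps, fns


if __name__ == "__main__":
    fps, fns = evaluate()
    for label, text in fps:
        print(f"false positive: {label!r} flagged on {text!r}")
    for label in fns:
        print(f"missed: {label!r}")
```

The leading `\b` applies to every alternative, so `--`, `#` and `/*` only match when they directly follow a word character: an identifier such as `serial#` is flagged, while a comment marker preceded by a space or a quote is not. Keyword-only alternatives such as `union all select` also fire on ordinary reporting queries.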