Forum

How it will be possible to add attack detection pattern added into database and more attack detection in database. It should be dynamic.

What patterns would you like to add? With what user input and query is SQL injection still possible?

I want to add patterns for XSS, SQLI, RFI, LFI, CSRF, Remote code execution and more for attack detection.

Hiawatha only has patterns for SQLi. The rest is detected in another way. What SQLi patters are missing according to you? How is SQLi still possible?

How i can write a common function for all types of attack pattern detection ?? So that i can add more attack patterns in hiawatha that will provide security to my websites. Currently you used init_sqli_detection, prevent_sqli, prevent_sqli_str etc. i wanna these common functions that will detect all types of attacks. so how i can change in code for that functionality.

Look in src/target.c wherr the calls to prevent_sqli() etc are. Extend there.