Attack patterns in database and more attack detection support

Akash Talole
17 March 2016, 10:51
How it will be possible to add attack detection pattern added into database and more attack detection in database. It should be dynamic.
Hugo Leisink
18 March 2016, 10:25
What patterns would you like to add? With what user input and query is SQL injection still possible?
Akash Talole
18 March 2016, 12:16
I want to add patterns for XSS, SQLI, RFI, LFI, CSRF, Remote code execution and more for attack detection.
Hugo Leisink
19 March 2016, 11:37
Hiawatha only has patterns for SQLi. The rest is detected in another way. What SQLi patters are missing according to you? How is SQLi still possible?
Akash Talole
28 March 2016, 09:15
How i can write a common function for all types of attack pattern detection ?? So that i can add more attack patterns in hiawatha that will provide security to my websites. Currently you used init_sqli_detection, prevent_sqli, prevent_sqli_str etc. i wanna these common functions that will detect all types of attacks. so how i can change in code for that functionality.
Hugo Leisink
28 March 2016, 15:55
Look in src/target.c wherr the calls to prevent_sqli() etc are. Extend there.
This topic has been closed.