D3-DQSA

Detect
Database Query String Analysis

Definition

Analyzing database queries to detect [SQL Injection](https://capec.mitre.org/data/definitions/66.html).

How it works

Some implementations use software hooks to intercept function calls related to database query operations. Other implementations might intercept or collect network traffic. The database query string is then extracted and analyzed with various methods, for example:

Detecting specific administrative SQL commands

Anomalous sequences of commands when compared to a statistical baseline.

Anomalous commands for a given user role.

Considerations

Some capabilities sanitize queries before permitting them to be transmitted to the database. This incurs risks such altering data in an undesired way or breaking application functionality.

Artifact Relationships

This defensive technique relates to specific digital artifacts.

analyzes
Database Query String Analysis
Database Query

References

Reference - System and method for internet security - Cylance Inc