Test model with `sqlmap`

[mostafa]

Test the model to see how accurately it detects SQL injection attacks run by sqlmap.

Test No. 1

Tested the v1 model with sqlmap against the sql-idp-app, which resulted in ~81% detection. Also, sqlmap detects that a WAF is blocking the requests. To improve the results, I added libinjection-go, but I didn't test it after that.

flowchart TB
    sqlmap -->|"send malicious data to the app"| App["SQL IDP App"]
    App <--> GatewayD
    GatewayD <-->|connected| PostgreSQL
    GatewayD -->|"Is it an injection?"| Plugin["gatewayd-plugin-sql-idp"]
    Plugin <-->|"tokenize and sequence the query"| API
    Plugin -->|"Yes/No + prediction score"| GatewayD
    Plugin <-->|"Detect SQL injection"| ML["ML Model"]
    App <-. "connected to PostgreSQL via GatewayD" .-> PostgreSQL

Loading

[mostafa]

This is done almost every time I change the DeepSQLi model and the DeepSQLi v2 now has a lot of improvements that prevents any SQL injections from reaching the database.