GatewayD plugin for SQL injection detection and prevention.
- Defense against dark arts:
- Detects SQL injection attacks using two methods:
- Signature-based detection: Detects SQL injection attacks by matching incoming queries against a list of known malicious queries using a trained deep learning model with Tensorflow and Keras
- Syntax-based detection: Detects SQL injection attacks by parsing incoming queries and checking for suspicious syntax using
libinjection
- Prevents SQL injection attacks by blocking malicious queries from reaching the database server, and returning an error to the client instead
- Logs an audit trail for detections containing the query and the prediction score
- Sigma rule for detection in SIEM systems
- Prometheus metrics for quantifying detections
- Logging
- Configurable via environment variables
To build the plugin for development and testing, run the following command:
make build-devRunning the above command causes the go mod tidy and go build to run for compiling and generating the plugin binary in the current directory, named gatewayd-plugin-sql-ids-ips.
We welcome contributions from everyone. Just open an issue or send us a pull request.
This plugin is licensed under the Affero General Public License v3.0.