|
|
|
|
|
|
by cookiengineer
1479 days ago
|
|
|
AFAIK and what I've seen are mostly SQL query logs that are analyzed, in the sense that the queries that are expected (aka generated by the backend) are compared to queries that look suspicious (e.g. select * from users). Of course that's kind of assuming that the database host OS isn't compromised at that point, but it's very likely that someone got either user access or found a way to do SQL injection in this scenario. I'd also recommend to take a look at web application firewalls. Usually they mitigate all kinds of requests that look suspicious. |
|
|