SQLiBENCH

Published: January 15th, 2009 | Category: Security Tools

SQLiBENCH is an OWASP SoC 2008 project that benchmarks automatic SQL injection tools, focusing on database dumping.

There are many great open source tools (takeover, dumper, and hybrid) for taking advantage of a SQL injection vulnerability, used both by web application security specialists and by attackers. The techniques used, databases supported, algorithms employed, and abilities implemented by these "SQL injectors" vary greatly.

It is important to standardize the general vulnerability techniques that exist in web applications, and one of the biggest is SQL manipulation. In our effort, we aim to produce a standardization of the techniques used by automatic tools in exploiting SQL injection (mainly for dumping databases).

The goal of the project is to create a detailed set of benchmarking criteria for automatic SQL injection tools and to apply these to a set of open source SQL injectors, producing analysis and benchmarking reports. Additionally, in a semi-academic manner, the algorithms used by the targeted SQL injectors will be analyzed with respect to both implementation and complexity.

Another neat thing that came from the project is a matrix that outlines the various SQL injection tools and the functions each one supports. That document is called the Injectors vs. Criteria Matrix v2.1 and can also be found on the SQLiBENCH homepage.


Infosec Events. Copyright 2010. All Rights Reserved.