Instrumenting Microsoft SQL Server to Abort Dangerous Queries

Hernan has added a new feature to the code offered in our article SQL Server Interception and SQL Injection Attack Prevention. Now it is possible to cancel queries as well as watch them. The code sample uses the Deviare Interception Engine’s call-skipping feature to abort the execution of the CSQLSource::Execute function. The code distribution includes a customized Deviare database for adding the definition of CSQLSource::Execute function parameters. To use this feature you must invoke the application with the “-a” switch in the command line.

We also improved console debugging output and fixed errors that came up when exiting sqlservr.exe. If the developer has a Deviare license, it can be added as a license.txt file in the application directory to disable the splash window.

If you liked this article, you might also like:

  1. Capturing Unencrypted HTTPS Requests and Responses (As Seen at BlackHat USA 2013)
  2. Recording Direct3D Video Games and Calculating Frames per Second
  3. Controlling the Speed of YouTube Videos

Resources

  1. Open Web Application Security Project