• DocumentCode
    3537695
  • Title

    Effective SQL Injection Attack Reconstruction Using Network Recording

  • Author

    Pomeroy, Allen ; Tan, Qing

  • Author_Institution
    Sch. of Comput. & Inf. Syst., Athabasca Univ., Athabasca, AB, Canada
  • fYear
    2011
  • fDate
    Aug. 31 2011-Sept. 2 2011
  • Firstpage
    552
  • Lastpage
    556
  • Abstract
    Web applications offer business and convenience services that society has become dependent on, such as online banking. Success of these applications is dependent on end user trust, although these services have serious weaknesses that can be exploited by attackers. Application owners must take additional steps to ensure the security of customer data and integrity of the applications, since web applications are under siege from cyber criminals seeking to steal confidential information and disable or damage the services offered by these applications. Successful attacks have led to some organizations experiencing financial difficulties or even being forced out of business. Organizations have insufficient tools to detect and respond to attacks on web applications, since traditional security logs have gaps that make attack reconstruction nearly impossible. This paper explores network recording challenges, benefits and possible future use. A network recording solution is proposed to detect and capture SQL injection attacks, resulting in the ability to successfully reconstruct SQL injection attacks in order to maintain application integrity.
  • Keywords
    Internet; SQL; banking; financial management; organisational aspects; security of data; SQL injection attack reconstruction; Web application; attack reconstruction; cyber criminals; data security; network recording; online banking; security logs; web applications; Business; Databases; Forensics; Payloads; Security; USA Councils; Web servers; Bro-IDS; SQL injection attacks; digital evidence; intrusion detection; network recording; time machine;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer and Information Technology (CIT), 2011 IEEE 11th International Conference on
  • Conference_Location
    Pafos
  • Print_ISBN
    978-1-4577-0383-6
  • Electronic_ISBN
    978-0-7695-4388-8
  • Type

    conf

  • DOI
    10.1109/CIT.2011.103
  • Filename
    6036824