Hedgehog 1.2 Adds Context-Based SQL Injection Security

• By David Kopf
• 11/30/07

Sentrigo has enhanced its Hedgehog database monitoring software to identify SQL injection security problems in database built-in packages. SQL injections in packages have represented the lion's share of database exploits in recent years, according to the company.

The security solution provider claims that its Hedgehog 1.2 solution can spot difficult-to-detect SQL injections, especially unknown ones, thereby helping to avoid potential "zero-day" attacks.

Sentrigo's literature explains that Hedgehog 1.2 accomplishes its SQL exploit detection via a method it calls "context-based SQL injection detection."

Rather than track the signatures of known injections, Hedgehog monitors database activity, such as actions run by packages, triggers and stored procedures. To detect unknown injections, Hedgehog examines the context from which SQL statements originate, as well as the types of commands used and the user's access privileges.

Hedgehog can detect improper commands. For instance, when a package has the definer rights of a privileged user and initiates a command that is incongruent with its intended use, Hedgehog will recognize this as a manipulation via SQL injection. Because the software monitors the database memory, it can detect these instances when they occur. The solution is capable of tracking activity from outside attackers, as well as threats from the inside.

Hedgehog 1.2 is currently available from the Sentrigo Web site.