Libinjection - A C Library for SQLI Detection and Generation Through Lexical Analysis

Explore a groundbreaking approach to SQL injection (SQLi) detection in this 40-minute Black Hat USA 2012 conference talk by Nick Galbreath. Delve into libinjection, an open-source C library that employs lexical analysis to identify and categorize SQLi attacks. Learn how this innovative solution overcomes the limitations of traditional regular expression-based methods, offering improved precision and accuracy. Discover how libinjection has been trained on vast datasets, including real SQLi attacks and user inputs from a top 50 website. Gain insights into the library's ability to generate templates for new attacks and fuzzing algorithms. Understand the potential applications of libinjection in web application firewalls, software development, and its adaptability to other programming languages. This talk is essential for security professionals, developers, and anyone interested in advancing SQLi detection techniques.

Black Hat USA 2012 - Libinjection: A C Library for SQLI Det. & Gen. Through Lexical Analysis