SQL IDS/IPS

gatewayd-plugin-sql-ids-ips

Category: Enterprise

This plugin is a syntax- and signature-based SQL injection detection and prevention system (IDS/IPS) for SQL databases, currently supporting PostgreSQL. It uses a deep-learning model along with the famous libinjection library to detect and prevent SQL injection attacks. It has been tested against many SQL injection attacks using the SQLmap tool and has shown to be very effective in detecting and preventing them.

The major difference between this plugin and the existing SQL IDS/IPS or WAF solutions is that the latter are usually deployed in front of the backend services, and they usually have access to the user input data, but not the queries generated from those pieces of data by the backend services. This plugin, on the other hand, is loaded by GatewayD and has access to the queries along with the data, and is deployed in front of the database server and behind the backend services. This allows for more efficient detection and prevention of SQL injection attacks.

This plugin is currently in active development and there is heavy research going on to improve its performance and accuracy of the deep learning model.