Using the Percona Toolkit to detect and even prevent SQL injection attacks
The Percona Toolkit includes pt-query-digest, which can distill queries into a fingerprint: an abstracted form of the query with its literal values replaced by placeholders. The tool can also mark fingerprints as 'reviewed'. Most applications issue only a small number of query patterns, so new, unreviewed query patterns can indicate SQL injection attacks.
The Percona Toolkit can be used out of the box to detect these new query patterns by examining logs, and it can be extended to support distilling queries in real time. This can be used in combination with a MySQL proxy to detect new patterns and immediately deny access to (or log) unauthorized queries.
This talk will discuss both methods.
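The log-based check described above, as an added example that is not Percona Toolkit code or code from the talk: `fingerprint()` is a simplified approximation of query fingerprinting, not pt-query-digest's actual algorithm, and all function names and sample queries are constructed for illustration.

```python
import re

# One left-to-right pass: quoted strings, comments, then numeric literals.
_TOKEN = re.compile(
    r"""(?P<str>'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*")"""
    r"""|(?P<comment>/\*[\s\S]*?\*/|(?:--(?=\s|$)|#)[^\n]*)"""
    r"""|(?P<num>\b\d+(?:\.\d+)?\b)""",
    re.M,
)

def fingerprint(query):
    """Simplified fingerprint: literals become '?', comments are dropped."""
    q = _TOKEN.sub(lambda m: " " if m.lastgroup == "comment" else "?", query)
    q = re.sub(r"\s+", " ", q).strip().lower()
    # Collapse IN lists so that the number of values does not create new patterns.
    return re.sub(r"\bin\s*\(\s*\?(?:\s*,\s*\?)*\s*\)", "in(?+)", q)

def unreviewed(queries, reviewed):
    """Return {fingerprint: first sample query} for patterns not yet reviewed."""
    new = {}
    for q in queries:
        fp = fingerprint(q)
        if fp not in reviewed:
            new.setdefault(fp, q)
    return new

# Constructed baseline: the query patterns the application is known to issue.
REVIEWED = {fingerprint(q) for q in (
    "SELECT id, name FROM users WHERE email = 'alice@example.com'",
    "SELECT * FROM orders WHERE user_id = 42 AND status IN (1, 2, 3)",
)}

# Constructed log sample: two normal queries, two whose structure has changed.
OBSERVED = [
    "SELECT id, name FROM users WHERE email = 'bob@example.com'",
    "select * from orders where user_id = 7 and status in (4,5)",
    "SELECT id, name FROM users WHERE email = '' OR 1=1 -- '",
    "SELECT id, name FROM users WHERE email = 'x' "
    "UNION SELECT user, password FROM mysql.user",
]

if __name__ == "__main__":
    for fp, sample in unreviewed(OBSERVED, REVIEWED).items():
        print("UNREVIEWED:", fp, "| sample:", sample)
```

Different literal values map to the same reviewed fingerprint, while input that alters the statement's structure produces a fingerprint outside the reviewed set; the same lookup is what a proxy hook would consult before denying or logging a query.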