Using the Percona Toolkit to detect and even prevent SQL injection attacks

23 April 4:50pm - 5:40pm @ Ballroom A

The Percona Toolkit includes pt-query-digest, which can distill queries into a fingerprint. It is possible to use the tool to mark fingerprints as having been 'reviewed'. Most applications have a small number of query patterns, and thus new un-reviewed query patterns can indicate SQL injection attacks.

The Percona Toolkit can be used out of the box to detect these new query patterns by examining logs, and it can be extended to support distilling queries in real time. This can be used in combination with a MySQL proxy to detect new patterns and immediately deny access to (or log) unauthorized queries.

This talk will discuss both methods.


Justin Swanhart
Principal Support Engineer @Percona, Percona / Shard-Query / Flexviews
Justin is a systems architect. His most recent software development project is Shard-Query. His other interests include data warehousing, materialized views, and OLAP analysis. He also created and maintains Flexviews, a materialized view toolkit for MySQL.