Skip to content

gatewayd-io/gatewayd-plugin-sql-ids-ips

Repository files navigation

gatewayd-plugin-sql-ids-ips-logo

gatewayd-plugin-sql-ids-ips

GatewayD plugin for SQL injection detection and prevention.

Download · Documentation · DeepSQLi

Features

  • Defense against dark arts:
  • Detects SQL injection attacks using two methods:
    • Signature-based detection: Detects SQL injection attacks by matching incoming queries against a list of known malicious queries using a trained deep learning model with Tensorflow and Keras
    • Syntax-based detection: Detects SQL injection attacks by parsing incoming queries and checking for suspicious syntax using libinjection
  • Prevents SQL injection attacks by blocking malicious queries from reaching the database server, and returning an error or empty response to the client instead
  • Logs an audit trail for detections containing the query and the prediction score
  • Sigma rule for detection in SIEM systems
  • Prometheus metrics for quantifying detections
  • Logging
  • Configurable via environment variables

Build for testing

To build the plugin for development and testing, run the following command:

make build-dev

Running the above command causes the go mod tidy and go build to run for compiling and generating the plugin binary in the current directory, named gatewayd-plugin-sql-ids-ips.

Contributing

We welcome contributions from everyone. Just open an issue or send us a pull request.

License

This plugin is licensed under the Affero General Public License v3.0.