UPDATED 09:21 EDT / SEPTEMBER 14 2012

Glastopf Honeypot Gets SQL Injection Emulation Capability

The Glastopf web application honeypot has gained the ability to emulate applications vulnerable to SQL injection attacks, which helps trick attackers into revealing their intentions. The component was created by The Honeynet Project, a non-profit organization that develops open-source security research tools, to collect technical information about SQL-based malware and hacker attacks; that information will be used to strengthen the security of systems and to develop attack signatures for security products such as firewalls.

“The main goal of this project was the development of a SQL injection vulnerability emulator that goes beyond the collection of SQL vulnerability probings,” the Honeynet Project said in a blog post on Saturday. “It deceives the adversary with crafted responses matching his request into sending us the malicious payload which could include all kinds of malicious code.”

The Honeynet Project recently released a report describing the implementation of the Glastopf SQL injection emulator in more detail, along with the tests performed. It revealed that the present attack rate is 10 SQL injection attacks per day, since the component can emulate multiple vulnerabilities at once. The emulated SQL injection vulnerabilities of the honeypot component allow attackers to write malicious data into the website’s database and extract information, and they expose attack paths by advertising the existence of a known vulnerability to search engine crawlers. The project calls these path-based vulnerability signatures “dorks”; they serve as bait for attackers.

SQL injection is undoubtedly a favorite tool of hackers. Most businesses pay little attention to database security, look at it perhaps once a year, and keep crucial information in plain-text notepad files, which makes the hackers’ task easier and SQL injection their tool of choice. After all, they do not have to put in much effort to extract information.

A recent example of a SQL injection attack comes from the hacktivist group Team GhostShell, which spilled account credentials from some extremely hard targets, such as banks, government agencies, consulting firms, law enforcement and the CIA. Team GhostShell used the SQL injection tool SQLmap to retrieve its ill-gotten booty. Also, since most of the affected URLs appear to have PHP extensions, it is likely that the hackers used an exploit scanner that looked for specific vulnerabilities common to the PHP programming community and its services.

Giving his views on the SQL injection attacks, SiliconANGLE’s Kyt Dotson says,

“SQL injection is the major path by which both malware and hackers breach systems in the modern era. It’s so prolific and common that whenever a ‘database leak’ happens releasing e-mail addresses and passwords onto the Internet from Anonymous or now defunct LulzSec, most security professionals do not hold their breath to hear that it occurred due to this exploit. As a result, it’s extremely important to use pen testing tools that mimic the activity of tools that utilize SQL injection to determine if such an exploit exists in the current framework so it can be patched before hackers siphon the data out. Honeypots exist not just to catch would-be attackers but also to learn what new tricks of the trade have entered into the hacker community so that they can be incorporated into penetration testing.”

Nevertheless, we have also suggested ways to prevent SQL injection and maintain the integrity of users’ information. One good practice is to validate the data being entered. Queries can also be parameterized so that user input cannot alter the query and expose sensitive information. And user privileges should be limited: if a user only needs access to certain information stored in the database, there is no reason to give them free roaming of the entire database and all it contains.
