I’m somewhat surprised to see a lack of Oracle blogging reaction to the recent post on The Daily WTF which goes into great detail on a case of SQL injection. Maybe we’ve either become tired of it or we assume that “my systems don’t do that!”.
So, how do you audit or track if your system is being hit by injection? How would you detect it? Assume you’re “just a DBA” — and no one tells you about applications being deployed that talk to the database. Is there a way you could tell just by looking from within the database? What kind of assumptions would you make?