Reputation: 5500
In Azure, I created a SQL database, and in it I enabled the Auditing & Threat Detection option for logging audits and threat detections.
Please see the figure below for more information on what I did in the Azure SQL database.
I wrote the code below in my controller for detecting the SQL injection threat.
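    // Requires: using System.Collections.Generic; using System.Data.SqlClient;
    public List<UsersTable> GetUsersTablebyUserName(string username)
    {
        List<UsersTable> userInfoList = new List<UsersTable>();

        // The query text is built by string concatenation on purpose: this
        // method is the test case for SQL injection threat detection.
        // A single connection is created and disposed by the using block
        // (the original created a second, never-disposed SqlConnection).
        using (SqlConnection connection = new SqlConnection(connectionString.ToString()))
        using (SqlCommand sqlCmd = new SqlCommand(
            "SELECT * FROM UsersTables WHERE UserName='" + username + "'",
            connection))
        {
            connection.Open();
            using (SqlDataReader reader = sqlCmd.ExecuteReader())
            {
                // Read() returns false immediately when there are no rows,
                // so the empty list is returned in that case.
                while (reader.Read())
                {
                    UsersTable userInfo = new UsersTable()
                    {
                        ID = (int)reader[0],
                        UserName = reader[1].ToString(),
                        Password = reader[2].ToString()
                    };
                    userInfoList.Add(userInfo);
                }
            }
        }
        // Exceptions propagate to the caller, as with the original catch/throw.
        return userInfoList;
    }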
After executing the above code successfully, I downloaded the logs from the Azure portal and opened them in Excel, as in the figure below.
Even when I pass a username like test or '1'='1, the threat detection is not tracked in my logs; the access status always shows as success.
How can I see whenever a threat detection happens, or when someone passes text like test or '1'='1 to my SQL query above?
Upvotes: 2
Views: 352
Reputation: 181
SQL Database Threat Detection offers an algorithm that continuously monitors, profiles, and detects normal and suspicious activities and patterns indicating potential vulnerabilities and SQL injection attacks. To reduce false positives, we worked hard so that our algorithm triggers an alert only when there is a high probability of an attack on your database. We do not share externally the exact details of this work.
Thanks, Tomer (MSFT).
Upvotes: 1
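Whether or not Threat Detection raises an alert, the query in the question stays injectable as long as the username is concatenated into the SQL text. The hardened form of the same method, as an added example that is not part of the original posts: the `UserRepository` class, the column names `ID` and `Password`, and the `NVARCHAR(256)` parameter size are assumptions, since the page only shows `SELECT *` and the `UserName` column.

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public class UsersTable
{
    public int ID { get; set; }
    public string UserName { get; set; }
    public string Password { get; set; }
}

public class UserRepository   // hypothetical wrapper, not from the question
{
    private readonly string connectionString;

    public UserRepository(string connectionString)
    {
        this.connectionString = connectionString;
    }

    public List<UsersTable> GetUsersTablebyUserName(string username)
    {
        var users = new List<UsersTable>();

        // The SQL text is constant; the username travels as a typed parameter,
        // so input such as  test' or '1'='1  is compared as a literal string
        // and can never change the structure of the WHERE clause.
        const string sql =
            "SELECT ID, UserName, Password FROM UsersTables WHERE UserName = @username";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Assumed column type NVARCHAR(256); match the real schema.
            command.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = username;
            connection.Open();
            using (SqlDataReader reader = command.ExecuteReader())
            {
                while (reader.Read())
                {
                    users.Add(new UsersTable
                    {
                        ID = reader.GetInt32(0),
                        UserName = reader.IsDBNull(1) ? null : reader.GetString(1),
                        Password = reader.IsDBNull(2) ? null : reader.GetString(2)
                    });
                }
            }
        }
        return users;
    }
}
```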