A SQL injection detection engine

Q:What is SQLChop? How does it work?

A: SQLChop is a novel SQL injection detection engine, it works using SQL tokenizing and syntax analysis on decoded payload of the original web input. Benchmark tests show that SQLChop really works like a charm on detecting SQLi, with both precision and recall at a very high level.

Q: Where can I try or use SQLChop?

A: For online trial, point your browser to http://sqlchop.chaitin.com/demo. For local testing or product trial, please contact Chaitin Tech email:info@chaitin.com.

Q: How to use SQLChop?

A: SQLChop is now a subsystem of SafeLine Web instrusion detection engine. For SafeLine product or detection engine, please contact info@chaitin.com.

SQLChop is a novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis. Web input (URLPath, body, cookie, etc) will be first decoded to the raw payloads that web app accepts, then syntactical analysis will be performed on payload to classify result. The algorithm behind SQLChop is based on compiler knowledge and automata theory, and runs at a time complexity of O(N).