Back to course

SQL Injection Detection in CLI Logs

Modern DevSecOps (The Hard Way)

Spotting the Pattern

An SQL injection usually leaves specific characters in your web server logs: ', --, ;, UNION SELECT.

Command to Detect:

grep -E "UNION|SELECT|--|'" /var/log/nginx/access.log.

If you see these in your logs coming from a single IP, someone is probing your database.