Owl for IIS

Considering that SQL is widely used to query, operate and administer databases and it is consistent across all databases, it does not come as a surprise that they are commonly employed to provide backend functionality to many types of web applications. In this sense, the data generated can be used to build dynamic SQL statements that can interact directly with an Oracle, MySQL or SQL Server database.

Since the web application is getting input via the queries performed and post parameters, at times the input can lead to cross-site scripting, SQL injection and other security breaches. In order to identify the potential security vulnerabilities, you need to find a tool that aims to expose these SQL statements.

Owl for IIS is a tiny utility that allows you to correlate the SQL statements that the web application is executing in runtime with the user details, namely the name and IP. Because the data being collected is eventually executed, it means that no SQL can hide under sophisticated attacks.

In fact, the output of the query is provided to you on a file that includes all critical information, namely the processID, user IP address, captured SQL and the timestamp. The utility can also act as the last line of defense after the WAF has been tricked by a potential hacker. As you probably know, WAF or the Web Application Firewall is known to have some limitations and can allow hackers to create a backdoor dedicated to malicious code.