tldr - powered by Generative AI

• SQL injection attacks have been around for over 20 years and some defensive capabilities have stayed obsolete and manual
• CDN logs classified as SQL injection attacks can be used to refine and optimize security rules
• Data mining techniques, specifically elements taken from Natural Language Processing, can be used to analyze SQL injection payloads, clean and curate them, break them into keywords, and find the best relation between them to gain new insights
• The process includes five steps: collecting and cleaning the data, choosing keywords, creating a matrix, creating relationships between keywords, and clustering keywords to gain insights
• An anecdote is shared about encountering a registration website that did not allow certain characters in the first and last name fields, potentially as a protective detection mechanism against web application attacks