Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Sql injection
Semelhante a Sql injection (20)
Último
Último (20)
Sql injection
- 2. AGENDA What is SQL WHAT is SQL injection SQL Injection Attack Types Prevention of SQL Injection Attack 2
- 3. WHAT IS SQL? SQL is a special-purpose programming language designed for managing data held in a relational database management systems (RDBMS). The scope of SQL includes data insert, query, update and delete, schema creation and modification, and data access control. 3
- 4. What is SQL injection? A class of code-injection attacks, in which data provided by the user is included in an SQL query in such a way that part of the user’s input is treated as SQL code SQL injection is a technique to maliciously exploit applications that use client-supplied data in SQL statements. Attackers trick the SQL engine into executing unintended commands by supplying specially crafted string input, thereby gaining unauthorized access to a database in order to view or manipulate restricted data. SQL injection techniques may differ, but they all exploit a single vulnerability in the application: Incorrectly validated or non validated string literals are concatenated into a dynamic SQL statement, and interpreted as code by the SQL engine. 4
- 5. Example of SQL injection 5
- 6. TYPES OF SQL ATTACKS 1)First Order Attack:-The attacker can simply enter a malicious string and cause the modified code to be executed immediately. 2)Second Order Attack:-The attacker injects into persistent storage (such as a table row) which is deemed as a trusted source. An attack is subsequently executed by another activity. 3)Lateral Injection:-The attacker can manipulate the implicit functionTo_Char() by changing the values of the environment variables, NLS_Date_Format orNLS_Numeric_Characters. 6
- 7. Injection Mechanism Injection through user input First-order Injection through cookies injection Injection through server variables Second-order injection 7
- 8. Injection Mechanism First-order injection Second-order injection The application processes • The application stores that the input, causing the input for future use (usually attacker’s injected SQL query in the database), and to execute. responds to the request. • The attacker submits a second (different) request. • To handle the second request, the application retrieves the stored input and processes it, causing the attacker’s injected SQL query to execute. 8
- 9. Attack Intent Determining database schema Extracting data Adding or modifying data Bypassing authentication 9
- 10. Inference Inject commands into the site and then observe how the function/response of the website changes Blind injection Timing attacks 10
- 11. Blind SQL injection The information must be inferred from the behavior of the page by asking the server true/false questions 11
- 12. Timing Attacks Gain information by observing timing delays in the response of the database 12
- 13. Alternate Encoding Employ alternate methods of encoding attack strings SELECT accounts FROM users WHERE login = ‘doe’; exec(char(0x73697574646f776e)) --’ AND pass = ‘’ AND pin = 13
- 14. Prevention of SQLIAs The root cause of SQL injection vulnerabilities is insufficient input validation Solution: Defensive coding practices Detection & Prevention techniques 14
- 16. QUERIES
Notas do Editor
- -Code-injection attacks: LDAP injection for LDAP directory and XPath injection for XML documents, ASP, PHP, HTML injection
- -User input typically comes from form submissions that are sent to Web application via HTTP GET or POST requests. -Cookies are stored on the client machine. If a Web application uses the cookie’s contents to build SQL queries, an attacker could easily submit an attack by embedding it in the cookie -Server variables are the collection of variables that contain HTTP, network headers, & environmental variables. Web applications use these server variables in variety of ways, such as logging usage statistics & identifying browsing trends => attackers can forge these values
- -Avoid detection by defensive coding practices & also many automated prevention techniques -Attackers have employed alternate methods of encoding their attack strings. Common scanning & detection techniques do not try to evaluate all specially encoded strings, thus allowing these attacks to go undetected -Different layers in an application have different ways of handling alternate encodings -An effective code-based defense against alternate encodings is difficult to implement in practice
- -Defensive coding practices: straightforward solution for eliminating these vulnerabilities -Detection & prevention techniques: assist developer & compensate for the shortcomings in the application of defensive coding