Web Application Security (PHP)
Zakieh Alizadeh
zakiehalizadeh@gmail.com
APA Laboratory – Ferdowsi University of Mashhad
Session 3
Data Validation
Data Validation
 Table of Contents
 Scenario: Preventing SQL Injection Attacks
 Web Application Firewall
o Possible security measures of a WAF
 Data Validation Strategies
o Varieties of Input
o Reject Known Bad
o Accept Known Good
o Sanitization
o Safe Data Handling
o Semantic Checks
Data Validation
 Table of Contents
 Scenario: Preventing SQL Injection Attacks
 Introducing SQL Injection
 Countermeasures Of SQL Injection
o PHP Functions
o Using Principle Of Least Privilege
o Prepared Statement
o Review of ORM Injection
Data Validation
Web Application Firewall
Data Validation Strategies
Introducing SQL Injection
Countermeasures Of SQL Injection
Data Validation
Web Application Architecture
Data Validation
Web Application Firewall
 A WAF is defined as a security solution on the web application level which,
from a technical point of view, does not depend on the application itself.
Main Goal
 This applies in particular to vulnerabilities which have been revealed via a
penetration test or via analysis of the source code, and which, especially
in the short term, cannot be fixed within the application.
Data Validation
Why You Need A Web Application Firewall
 Threats are evolving
 Web applications are the low-hanging fruit
 Web applications are growing
 Good WAF
 goes beyond blocking access to certain ports or filtering by IP address
 looks at every request and response within web service layers such as
HTTP, HTTPS, SOAP, and XML-RPC
 performs meticulous inspection of web traffic
Data Validation
Web Application Firewall
Data Validation
possible security measures of WAF
 The table below gives possible security measures in the WAF :
o + very well covered by a WAF
o - cannot be covered (or only to a small degree) by a WAF
o ! dependent on the WAF/application/requirements
o = can partially be covered by a WAF
Data Validation
Web Application Firewall
Data Validation Strategies
Introducing SQL Injection
Countermeasures Of SQL Injection
Data Validation
Application Defense Mechanisms
 The defense mechanisms employed by web applications comprise the
following core elements:
 Handling user access
 Handling user input
 Handling attackers
 Managing the application itself
Data Validation
 Application Defense Mechanisms
 The defense mechanisms employed by web applications comprise the following
core elements:
 Handling user access to the application’s data and functionality, to prevent users from
gaining unauthorized access.
 Handling user input to the application’s functions, to prevent malformed
input from causing undesirable behavior.
 Handling attackers, to ensure that the application behaves appropriately
when being directly targeted, taking suitable defensive and offensive measures to
frustrate the attacker.
 Managing the application itself, by enabling administrators to monitor its activities
and configure its functionality.
Handling User Input
Input validation
 A huge variety of different attacks against web applications involve
submitting unexpected input, crafted to cause behavior that was not
intended by the application’s designers. Correspondingly:
a key requirement for an application’s security defenses
is that it must handle user input in a safe manner.
Handling User Input
 Varieties of Input
 A typical web application processes user-supplied data in a range of different forms.
 Some fields allow very stringent validation checks
o username field
• 3 < length < 8 characters
• contains only alphabetical letters
 For other fields the application must tolerate a wider range of possible input.
o Address field
• characters may include letters, numbers, spaces, hyphens, apostrophes, ...
• Restriction: should not contain any HTML mark-up
 Some input must be accepted largely as-is: a blogging application may host a blog whose subject is web application hacking.
o Comment field
Handling User Input
Varieties of Input
[Figure: Application Inputs – user input via the browser interface]
Handling User Input
Varieties of Input
 In addition to the various kinds of input that are entered by users via the
browser interface, a typical application also receives numerous items of data
that began their life on the server and that are sent to the client so that the
client can transmit them back to the server on subsequent requests. This
includes:
o Cookies
• Cookies are packages of data your servers hand out that are stored by a
browser so that they can be remembered the next time it returns.
o Hidden form fields
o Some HTTP headers (e.g. Referer)
o Some input that is retrieved again from the database
Handling User Input
Approaches to Input Handling
 Different approaches are often preferable for different situations and
different types of input, and a combination of approaches may sometimes
be desirable.
o Reject Known Bad
o Accept Known Good
o Sanitization
o Safe Data Handling
o Semantic Checks
Approaches to Input Handling
Reject Known Bad
 This approach typically employs a blacklist containing a set of literal
strings or patterns that are known to be used in attacks. The validation
mechanism blocks any data that matches the blacklist and allows
everything else.
 Weaknesses:
o a vulnerability can be exploited using a wide variety of different inputs
o techniques for exploitation are constantly evolving
Approaches to Input Handling
Accept Known Good
 This approach employs a white list containing a set of literal strings
or patterns, or a set of criteria, that is known to match only benign input.
The validation mechanism allows data that matches the white list, and
blocks everything else.
 While it is often extremely effective, the white-list-based approach does
not represent an all-purpose solution to the problem of handling user
input.
Approaches to Input Handling
 Sanitization
 Sometimes an application must accept data that cannot be guaranteed as safe. Instead of
rejecting this input, the application sanitizes it in various ways to prevent
it from having any adverse effects.
 Potentially malicious characters may be:
o removed from the data altogether, leaving only what is known to be safe
o suitably encoded or “escaped” before further processing is performed
Approaches to Input Handling
 Sanitization
 Example
o For example, the usual defense against cross-site scripting attacks is
to HTML-encode dangerous characters before these are embedded
into pages of the application
code      char
&quot;    "
&apos;    '
&lt;      <
&gt;      >
&amp;     &
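The following is an added example and is not code from the slides: it applies the "accept known good" rule to the username and address fields described earlier (letters only, 3 < length < 8; address characters from a fixed allowed set with no mark-up) and applies sanitization by HTML-encoding to a free-text comment field that must accept text which looks like an attack. The field rules beyond what the slides state, the 100-character address limit and the sample inputs are assumptions made for the example.

```php
<?php
// Added example (not from the slides): whitelist validation for the username and
// address fields, plus HTML-encoding for a free-text comment field. Field limits
// beyond the slide's rules and the sample inputs are constructed for illustration.

declare(strict_types=1);

// Username: 3 < length < 8 and letters only, as the slide specifies.
function validateUsername(string $u): bool
{
    return preg_match('/^[A-Za-z]{4,7}$/', $u) === 1;
}

// Address: letters, digits, spaces, hyphens, apostrophes, commas and dots are
// allowed; anything else (including '<' and '>') is rejected, so HTML mark-up
// cannot get through. The 100-character cap is an assumption.
function validateAddress(string $a): bool
{
    return strlen($a) <= 100
        && preg_match('/^[\p{L}\p{N} ,.\'\-]+$/u', $a) === 1;
}

// Comment: content such as "<script>" is legitimate on a blog about web hacking,
// so it is accepted as data and sanitized by encoding on output, not rejected.
function encodeForHtml(string $s): string
{
    // ENT_QUOTES encodes both " and ' in addition to <, > and &.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs: [field, value, validator].
$samples = [
    ['username', 'alice',                      'validateUsername'],
    ['username', 'al',                         'validateUsername'], // too short
    ['username', "ali'; --",                   'validateUsername'], // not letters only
    ['address',  "12 O'Brien Street, Flat 3",  'validateAddress'],
    ['address',  '12 <b>Main</b> St',          'validateAddress'],  // mark-up rejected
];
foreach ($samples as [$field, $value, $check]) {
    printf("%-8s %-30s %s\n", $field, json_encode($value),
        $check($value) ? 'accepted' : 'rejected');
}

// The comment is stored unchanged and encoded at the point where it is embedded
// into HTML, so the browser renders it as text rather than executing it.
$comment = "Try <script>alert('xss')</script> & see";
echo encodeForHtml($comment), "\n";
```

The two validators reject; the encoder does not reject anything, which is the point of the sanitization approach: the comment stays intact as data, and only its representation changes at the output boundary.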
Approaches to Input Handling
 Safe Data Handling
 It is often the case that vulnerabilities can be avoided, not by validating
the input itself but by ensuring that the processing that is performed on it
is inherently safe. In some situations, there are safe programming
methods available that avoid common problems.
 For example, SQL injection attacks can be prevented through the correct
use of parameterized queries for database access, as described later.
Approaches to Input Handling
 Semantic Checks
 In some vulnerabilities the input supplied by the attacker is identical to the
input that an ordinary, non-malicious user may submit. What makes it
malicious is the different circumstances in which it is submitted. For
example, an attacker might seek to gain access to another user’s bank
account by changing an account number transmitted in a hidden form
field.
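An added example for the hidden-field scenario above (not code from the slides): the account number that arrives in the request is well-formed whether or not it was tampered with, so a syntactic check cannot tell the two cases apart. The semantic check compares the submitted account number against the owner recorded on the server for the user identified by the server-side session. The account table, the session layout and the sample requests are assumptions constructed for the example.

```php
<?php
// Added example, not from the slides: a semantic check for a hidden account-number
// field. The submitted value looks like any valid account number; what must be
// verified is that it belongs to the authenticated user. The in-memory "accounts
// table", the session layout and the sample requests are assumptions.

declare(strict_types=1);

// Constructed stand-in for the accounts table: account number => owner user id.
const ACCOUNT_OWNERS = [
    '10001' => 7,
    '10002' => 7,
    '20001' => 9,
];

function accountOwner(string $accountNo): ?int
{
    return ACCOUNT_OWNERS[$accountNo] ?? null;
}

// Syntactic check: the value has the expected shape (five digits, assumed format).
function isWellFormedAccountNo(string $accountNo): bool
{
    return preg_match('/^\d{5}$/', $accountNo) === 1;
}

// Semantic check: a well-formed value is only acceptable if it is the right one
// for this user. $sessionUserId must come from the server-side session
// ($_SESSION), never from the request, or the check can be bypassed the same way.
function canAccessAccount(int $sessionUserId, string $accountNo): bool
{
    if (!isWellFormedAccountNo($accountNo)) {
        return false;
    }
    $owner = accountOwner($accountNo);
    // An unknown account and an account owned by someone else are both denied.
    return $owner !== null && $owner === $sessionUserId;
}

// Simulated requests: [user id taken from the session, hidden field value].
$requests = [
    [7, '10001'],           // own account
    [7, '20001'],           // another user's account; syntactically indistinguishable
    [7, '99999'],           // nonexistent account
    [7, "10001' OR 1=1"],   // malformed, fails the syntactic check first
];
foreach ($requests as [$userId, $accountNo]) {
    printf("user %d -> account %-18s %s\n", $userId, json_encode($accountNo),
        canAccessAccount($userId, $accountNo) ? 'allowed' : 'denied');
}
```

Note that the second request passes every syntactic rule; only the ownership lookup on the server distinguishes it from the first.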
Approaches to Input Handling
 Boundary Validation
 The core security problem with web applications arises because data received
from users is untrusted.
 The point at which user data is first received by the server-side application
represents a huge trust boundary, at which the application needs to take
measures to defend itself against malicious input.
Approaches to Input Handling
 Boundary Validation
 Disadvantages of validating only at the external boundary
o It would be very difficult to devise a single mechanism at the external boundary to defend
against all attacks.
o A single piece of user-supplied input might result in a number of operations in different application
components, with the output of each being used as the input for the next.
o Defending against different categories of input-based attack may entail performing different
validation checks.
Approaches to Input Handling
 Boundary Validation
 solution
o An application function using boundary validation at multiple stages of
processing
Data Validation
Web Application Firewall
Data Validation Strategies
Introducing SQL Injection
Countermeasures Of SQL Injection
SQL Injection
 Introduction SQL Injection
 A SQL injection attack consists of insertion or "injection" of a SQL query via
the input data from the client to the application
o SQL Injection
o Blind SQL Injection
SQL Injection
 Introduction SQL Injection
SQL query:
SELECT * FROM Users WHERE Username='$username' AND Password='$password'
values:
$username = 1' or '1' = '1
$password = 1' or '1' = '1
The query will be :
SELECT * FROM Users WHERE Username='1' OR '1' = '1' AND Password='1' OR '1' = '1'
SELECT * FROM Users WHERE username = '' OR 1=1 -- -' AND password = '';
SELECT * FROM Users WHERE id = '' UNION SELECT 1, 2, 3`';
SQL Injection
 Some SQL Injection queries
1' ORDER BY 1--+ True
1' ORDER BY 2--+ True
1' ORDER BY 3--+ False
- Query is only using 2 columns: -1' UNION SELECT 1,2--+ True
Get version :
SELECT * FROM Users WHERE Username='admin' union select 1,@@version -- AND
Password='$password'
Get table names:
SELECT * FROM Users WHERE Username='admin' union select table_name,2 from
INFORMATION_SCHEMA.tables -- AND Password='$password'
Get tables of current db:
SELECT * FROM Users WHERE Username='admin' union select table_name,2 from
INFORMATION_SCHEMA.tables where table_schema = database() -- AND Password='$password'
SQL Injection
 SQL injection threats
SQL Injection
How to Avoid SQL Injection Vulnerabilities
 Avoiding register_globals (deprecated)
 Using PHP functions
 Use of Prepared Statements (Parameterized Queries)
 Use of Stored Procedures
 Escaping all User Supplied Input
 Also Enforce: Least Privilege
 Also Perform: White List Input Validation
SQL Injection
How to Avoid SQL Injection Vulnerabilities
 Using register_globals
• When you have register_globals=on, anything passed via GET or POST or
COOKIE automatically appears as a global variable in code; this can
have security consequences.
• I.e. you click on the URL test.php?access_level=100 and you'll have
$access_level = 100 in PHP.
• This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as
of PHP 5.4.0.
SQL Injection
How to Avoid SQL Injection Vulnerabilities
 Using PHP functions
• is_int()
• gettype()
• intval()
• settype()
• stripslashes() ( \n -> n )
• mysql_real_escape_string()
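The following is an added example and is not code from the slides. It runs the type functions listed above over request-style input to show their pitfalls: every value in $_GET and $_POST is a string, so gettype() and is_int() on raw request data never confirm an integer, and intval() silently truncates "12abc" to 12. The strict check is filter_var() with FILTER_VALIDATE_INT, shown here with a range option. The sample values are constructed. One caveat the slides predate: the mysql_* functions, including mysql_real_escape_string(), were removed in PHP 7.0, so escaping today means mysqli_real_escape_string() or PDO::quote(), and neither replaces prepared statements.

```php
<?php
// Added example, not from the slides: behaviour of the listed PHP type functions on
// request input (always strings) and a strict integer validator built on filter_var().
// Sample values are constructed for illustration.

declare(strict_types=1);

function describe(string $raw): array
{
    return [
        'gettype'     => gettype($raw),                         // "string" for any request value
        'is_int'      => is_int($raw),                          // therefore never true here
        'intval'      => intval($raw),                          // "12abc" -> 12, "abc" -> 0
        'ctype_digit' => ctype_digit($raw),                     // digits only, no sign or spaces
        'filter_var'  => filter_var($raw, FILTER_VALIDATE_INT), // int, or false when invalid
    ];
}

// Strict id validation: accept only a positive integer, return null otherwise.
function validateId(string $raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

$samples = ['42', '12abc', 'abc', ' 7', '-3', '0'];
foreach ($samples as $s) {
    printf("%-8s %s => id %s\n", json_encode($s), json_encode(describe($s)),
        var_export(validateId($s), true));
}

// stripslashes() removes backslashes: the escaped form \n becomes the bare letter n,
// and \' becomes '. It undoes escaping; it does not make a value safe for SQL.
echo stripslashes('O\\\'Brien \\n'), "\n";
```

Using validateId() at the trust boundary and then binding the resulting int with PDO::PARAM_INT gives two independent layers: the value is checked for shape, and even if the check were wrong, the query structure could not change.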
SQL Injection
How to Avoid SQL Injection Vulnerabilities
 Use of Prepared Statements (Parameterized Queries)
• use PDO with strongly typed parameterized queries (using bindParam())
 Use of Stored Procedures
• Stored procedures have the same effect as the use of prepared
statements when implemented safely*. They require the developer to
define the SQL code first, and then pass in the parameters after.
// Connect as a least-privileged database user; the untrusted id is bound as an integer.
$id = (int) ($_GET['user'] ?? 0);
$a = new PDO("mysql:host=localhost;dbname=library;", "leastprivilegeduser", "");
$b = $a->prepare("SELECT first_name, last_name FROM users WHERE user = :user");
$b->bindParam(":user", $id, PDO::PARAM_INT);
$b->execute();
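An added example, not code from the slides or from any project: the login query from the introduction written first in the vulnerable interpolated form (only to show the SQL text that the slide's payload produces) and then as a PDO prepared statement with emulated prepares disabled, so the values are sent to the server separately from the statement. The DSN, the least-privileged "webapp_ro" account, the DB_PASSWORD environment variable, the Users table columns and the use of password_hash()-style hashes are all assumptions for the example.

```php
<?php
// Added example, not from the slides: the login query from the introduction, in
// the vulnerable string-interpolated form and as a PDO prepared statement.
// Connection details, the "webapp_ro" least-privilege account, the DB_PASSWORD
// environment variable and the Users table layout are assumptions.

declare(strict_types=1);

// Vulnerable form, shown only for contrast: the input becomes part of the SQL text.
// This function builds the string and never executes it.
function vulnerableLoginSql(string $username, string $password): string
{
    return "SELECT * FROM Users WHERE Username='$username' AND Password='$password'";
}

function connect(): PDO
{
    $dsn = 'mysql:host=localhost;dbname=library;charset=utf8mb4';
    return new PDO($dsn, 'webapp_ro', getenv('DB_PASSWORD') ?: '', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,   // real server-side prepares
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Safe form: the SQL text is fixed at prepare time; the value travels separately
// and cannot change the statement's structure whatever characters it contains.
function findUserByName(PDO $db, string $username): ?array
{
    $stmt = $db->prepare(
        'SELECT id, username, password_hash FROM Users WHERE Username = :user'
    );
    $stmt->bindValue(':user', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Assumes passwords are stored as password_hash() hashes, so the password is
// never part of any query at all.
function login(PDO $db, string $username, string $password): bool
{
    $user = findUserByName($db, $username);
    return $user !== null && password_verify($password, $user['password_hash']);
}

// The slide's payload: in the interpolated form it rewrites the WHERE clause.
$payload = "1' or '1' = '1";
echo vulnerableLoginSql($payload, $payload), "\n";

// With the prepared statement the same payload is just a username that matches no
// row. Only attempted when a database is configured via DB_PASSWORD.
if (getenv('DB_PASSWORD') !== false) {
    var_dump(login(connect(), $payload, $payload));
}
```

Disabling emulated prepares matters for MySQL: with emulation on, PDO interpolates the values client-side (quoted), which is still safe for the common cases but depends on the connection charset being set correctly, which is why the DSN declares charset=utf8mb4.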
SQL Injection
How to Avoid SQL Injection Vulnerabilities
 Use of Prepared Statements (Parameterized Queries)
SQL Injection
How to Avoid SQL Injection Vulnerabilities
 Least Privilege
SQL Injection
 Information schema
 In relational databases, the information schema is an ANSI standard set of read-only views
which provide information about all of the tables, views, columns, and procedures in a
database.
 QUICK SQL COMMANDS OVERVIEW:
 UNION ALL – combines the result rows of multiple SELECT statements
 ORDER BY – orders rows in alphabetical or numerical order
 LIMIT – the number of selected rows to be displayed
 CONCAT – short for concatenate, which means combining two strings into one
 GROUP_CONCAT – concatenates all values of a group into one string
 INTO DUMPFILE – dumps the contents of a column into a file
 LOAD_FILE() – reads the contents of a file on the server
back
Handling User Input
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

Web Application Security (PHP) Data Validation Strategies

  • 1. Web Application Security (PHP) Zakieh Alizadeh zakiehalizadeh@gmail.com APA Laboratory – Ferdowsi University of Mashhad
  • 3. Data Validation
     Scenario: Preventing SQL Injection Attacks
     Table of Content
     - Web Application Firewall
       o possible security measures of WAF
     - Data Validation Strategies
       o Varieties Of Input
       o Reject Known Bad
       o Accept Known Good
       o Sanitization
       o Safe Data Handling
       o Semantic Checks
  • 4. Data Validation
     Scenario: Preventing SQL Injection Attacks
     Table of Content
     - Introducing SQL Injection
     - Countermeasures Of SQL Injection
       o PHP Functions
       o Using Principle Of Least Privilege
       o Prepared Statement
       o Review of ORM Injection
  • 5. Data Validation: section divider (Web Application Firewall, Data Validation Strategies, Introducing SQL Injection, Countermeasures Of SQL Injection); the next slides cover the Web Application Firewall
  • 7. Data Validation: Web Application Firewall
     - A WAF is defined as a security solution on the web application level which, from a technical point of view, does not depend on the application itself.
     - Main goal: this applies in particular to vulnerabilities that have been revealed via a penetration test or via analysis of the source code and that, especially in the short term, cannot be fixed within the application.
  • 8. Data Validation: Why You Need A Web Application Firewall
     - Threats are evolving
     - Web applications are the low-hanging fruit
     - Web applications are growing
     A good WAF:
     - goes beyond what a network firewall does (block access to certain ports or filter by IP address)
     - looks at every request and response within web service layers such as HTTP, HTTPS, SOAP and XML-RPC
     - performs a meticulous inspection of web traffic
  • 10. Data Validation: possible security measures of WAF
     The table on the slide (not reproduced in this transcript) lists possible security measures in the WAF, marked as:
       o +  very well covered by a WAF
       o -  cannot be covered (or only to a small degree) by a WAF
       o !  dependent on the WAF/application/requirements
       o =  can partially be covered by a WAF
  • 11. Data Validation: possible security measures of WAF (continuation of the table, same legend)
  • 14. Data Validation: section divider; the next slides cover the Data Validation Strategies
  • 15. Data Validation: Applications Defense Mechanisms
     The defense mechanisms employed by web applications comprise the following core elements:
     - Handling user access
     - Handling user input
     - Handling attackers
     - Managing the application itself
  • 16. Data Validation: Applications Defense Mechanisms
     The defense mechanisms employed by web applications comprise the following core elements:
     - Handling user access to the application's data and functionality, to prevent users from gaining unauthorized access.
     - Handling user input to the application's functions, to prevent malformed input from causing undesirable behavior.
     - Handling attackers, to ensure that the application behaves appropriately when being directly targeted, taking suitable defensive and offensive measures to frustrate the attacker.
     - Managing the application itself, by enabling administrators to monitor its activities and configure its functionality.
  • 17. Handling User Input: Input validation
     - A huge variety of different attacks against web applications involve submitting unexpected input, crafted to cause behavior that was not intended by the application's designers. Correspondingly, a key requirement for an application's security defenses is that it must handle user input in a safe manner.
  • 18. Handling User Input: Varieties of Input
     - A typical web application processes user-supplied data in a range of different forms.
  • 19. Handling User Input: Varieties of Input
     - Some fields allow very stringent validation checks, e.g. a username field:
       o 3 < length < 8
       o contains only alphabetical letters
     - For other fields the application must tolerate a wider range of possible input, e.g. an address field:
       o may contain letters, numbers, spaces, hyphens, apostrophes, ...
       o restriction: should not contain any HTML mark-up
     - Some fields must accept almost anything, e.g. the comment field of a blogging application whose subject is web application hacking: legitimate posts will contain the very strings that look like attacks.
  • 20. Handling User Input: Varieties of Input
     - Are the application's inputs only what users type into the browser interface?
  • 21. Handling User Input: Varieties of Input
     - In addition to the various kinds of input entered by users via the browser interface, a typical application also receives numerous items of data that began their life on the server and were sent to the client so that the client can transmit them back to the server on subsequent requests. This includes:
       o Cookies: packages of data your servers hand out that are stored by the browser so that they can be remembered the next time the user returns
       o Hidden form fields
       o Some HTTP headers (e.g. Referer)
       o Data that is retrieved again from the database
  • 22. Handling User Input: Approaches to Input Handling
     - Different approaches are often preferable for different situations and different types of input, and a combination of approaches may sometimes be desirable:
       o Reject Known Bad
       o Accept Known Good
       o Sanitization
       o Safe Data Handling
       o Semantic Checks
  • 23. Approaches to Input Handling: Reject Known Bad
     - This approach typically employs a blacklist containing a set of literal strings or patterns that are known to be used in attacks. The validation mechanism blocks any data that matches the blacklist and allows everything else.
     - Weaknesses:
       o a vulnerability can usually be exploited using a wide variety of different inputs (alternative syntax, encodings, case), so a blacklist is easy to bypass
       o techniques for exploitation are constantly evolving, so the list is always behind
  • 24. Approaches to Input Handling: Accept Known Good
     - This approach employs a whitelist containing a set of literal strings or patterns, or a set of criteria, that is known to match only benign input. The validation mechanism allows data that matches the whitelist and blocks everything else.
     - While it is often extremely effective, the whitelist-based approach does not represent an all-purpose solution to the problem of handling user input: some fields (a person's name with an apostrophe, the blog comment above) cannot be described tightly enough by a whitelist.
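The two approaches side by side, as an added example that is not part of the original slides: a blacklist check and a whitelist check for the username and address fields of slide 19. The blacklist entries, the exact field rules and the sample inputs are my assumptions; the point of the run is that a string not on the blacklist walks straight through it, while the whitelist rejects it without ever having heard of it.

```php
<?php
// Added example, not from the original slides: "reject known bad" next to
// "accept known good" for the username and address fields of slide 19.
// The blacklist entries, field rules and sample inputs are assumptions.
declare(strict_types=1);

// Reject known bad: block anything that matches a list of attack fragments,
// allow everything else.
function rejectKnownBad(string $value): bool
{
    $blacklist = ['<script', 'javascript:', 'onerror=', "' or "];
    foreach ($blacklist as $bad) {
        if (stripos($value, $bad) !== false) {
            return false;               // matched the blacklist: block
        }
    }
    return true;                        // everything else: allow
}

// Accept known good: allow only what matches the description of a valid
// value, block everything else. \A and \z anchor the whole string; with
// ^ and $ a trailing newline would still match.
function validUsername(string $value): bool
{
    // slide 19: 3 < length < 8, alphabetical letters only
    return preg_match('/\A[A-Za-z]{4,7}\z/', $value) === 1;
}

function validAddress(string $value): bool
{
    // letters, digits, spaces, hyphens, apostrophes, commas, full stops;
    // '<' and '>' are not in the class, so no HTML mark-up gets through
    return preg_match('/\A[A-Za-z0-9 ,.\'-]{1,100}\z/', $value) === 1;
}

// Constructed inputs: the svg payload is not on the blacklist, and the
// last one carries a trailing newline.
$usernames = [
    'alice',
    '<script>alert(1)</script>',
    '<img src=x onerror=alert(1)>',
    '<svg onload=alert(1)>',
    "carol\n",
];
foreach ($usernames as $u) {
    printf("%-32s blacklist: %-5s whitelist: %s\n",
        json_encode($u),
        rejectKnownBad($u) ? 'allow' : 'block',
        validUsername($u) ? 'allow' : 'block');
}

$addresses = ["12 Baker-Street, O'Neil's Way", '<b>12 Baker Street</b>'];
foreach ($addresses as $a) {
    printf("%-32s whitelist: %s\n", $a, validAddress($a) ? 'allow' : 'block');
}
```

Run it with the PHP CLI (php validate.php, file name assumed). The svg string and the newline-terminated name are allowed by the blacklist and blocked by the whitelist; the two legitimate values pass both. Whitelisting by structure (length, character class, anchors) is what makes the check independent of the attacker's vocabulary.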
  • 25. Approaches to Input Handling: Sanitization
     - Sometimes the application must accept data that cannot be guaranteed as safe. Instead of rejecting this input, the application sanitizes it in various ways to prevent it from having any adverse effects.
     - Potentially malicious characters may be:
       o removed from the data altogether, leaving only what is known to be safe
       o suitably encoded or "escaped" before further processing is performed
  • 26. Approaches to Input Handling: Sanitization, example
     - The usual defense against cross-site scripting attacks is to HTML-encode dangerous characters before they are embedded into pages of the application:
         char    encoded
         &       &amp;
         <       &lt;
         >       &gt;
         "       &quot;
         '       &apos;
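What that table looks like in PHP, as an added example that is not part of the original slides. It encodes a constructed comment string with htmlspecialchars() using flags that cover all five characters, and shows why the flags matter for a single-quoted attribute.

```php
<?php
// Added example, not from the original slides: HTML-encoding untrusted text
// before it is embedded in a page, covering the characters in the table above.
// The comment string is constructed.
declare(strict_types=1);

function encodeForHtml(string $untrusted): string
{
    // ENT_QUOTES: encode both " and '. Before PHP 8.1 the default flags left
    // the single quote alone, which breaks out of an attribute delimited
    // with '. ENT_SUBSTITUTE: replace invalid UTF-8 instead of returning "".
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The table from the slide, as produced by the function
foreach (['&', '<', '>', '"', "'"] as $c) {
    printf("%s -> %s\n", $c, encodeForHtml($c));
}
// & -> &amp;   < -> &lt;   > -> &gt;   " -> &quot;   ' -> &#039;
// (&#039; is the HTML 4.01 spelling; pass ENT_HTML5 as well to get &apos;)

$comment = "<script>alert('x')</script> & \"quoted\"";

// Element content: the script tag becomes inert text
echo '<p>' . encodeForHtml($comment) . "</p>\n";

// Single-quoted attribute: only ENT_QUOTES stops the ' from closing it
echo "<input value='" . encodeForHtml($comment) . "'>\n";
```

Two caveats a practitioner will want: this encoding is for HTML element content and quoted attributes only; text placed inside a script block, a URL or a CSS value needs the encoding of that context. And it is an output-time operation: store the user's original text and encode when rendering, rather than encoding on input and then trying to search or display the stored entities.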
  • 27. Approaches to Input Handling: Safe Data Handling
     - It is often the case that vulnerabilities can be avoided, not by validating the input itself but by ensuring that the processing that is performed on it is inherently safe. In some situations, there are safe programming methods available that avoid common problems.
     - For example, SQL injection attacks can be prevented through the correct use of parameterized queries for database access, as described later.
  • 28. Approaches to Input Handling: Semantic Checks
     - For some vulnerabilities, the input supplied by the attacker is identical to the input that an ordinary, non-malicious user may submit. What makes it malicious is the different circumstances in which it is submitted. For example, an attacker might seek to gain access to another user's bank account by changing an account number transmitted in a hidden form field. No syntactic check can catch this; the application has to verify that the account number submitted belongs to the user who submitted it.
  • 29. Approaches to Input Handling: Boundary Validation
     - The core security problem with web applications arises because data received from users is untrusted.
     - The point at which user data is first received by the server-side application represents a huge trust boundary, at which the application needs to take measures to defend itself against malicious input.
  • 30. Approaches to Input Handling: Boundary Validation
     - Disadvantages of validating only at that external boundary:
       o It would be very difficult to devise a single mechanism at the external boundary to defend against all attacks.
       o A single piece of user-supplied input might result in a number of operations in different application components, with the output of each being used as the input for the next.
       o Defending against different categories of input-based attack may entail performing different validation checks (what is safe for SQL is not what is safe for HTML).
  • 31. Approaches to Input Handling: Boundary Validation
     - Solution: treat each component that receives data from another as its own trust boundary, so the application function performs boundary validation at multiple stages of processing.
  • 32. Data Validation: section divider; the next slides introduce SQL Injection
  • 33. SQL Injection: Introducing SQL Injection
     - A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.
       o SQL Injection (results or errors are visible in the response)
       o Blind SQL Injection (nothing is visible; the attacker infers results from true/false behaviour or timing)
  • 34. SQL Injection: Introducing SQL Injection
     SQL query:
         SELECT * FROM Users WHERE Username='$username' AND Password='$password'
     Values:
         $username = 1' or '1' = '1
         $password = 1' or '1' = '1
     The query becomes:
         SELECT * FROM Users WHERE Username='1' OR '1' = '1' AND Password='1' OR '1' = '1'
     AND binds tighter than OR, so the trailing OR '1' = '1' makes the WHERE clause true for every row and the first user is returned without a valid password.
     Other forms (the comment sequence discards the rest of the original statement, including its closing quote):
         SELECT * FROM Users WHERE username = '' OR 1=1 -- -' AND password = '';
         SELECT * FROM Users WHERE id = '' UNION SELECT 1, 2, 3 -- ';
  • 35. SQL Injection: Some SQL Injection queries
     Find the number of columns (the + is a URL-encoded space; MySQL needs "-- " followed by whitespace):
         1' ORDER BY 1--+        True
         1' ORDER BY 2--+        True
         1' ORDER BY 3--+        False: the query is only using 2 columns
         -1' UNION SELECT 1,2--+ True (the -1 makes the original SELECT return nothing, so the UNION row is what gets displayed)
     Get version:
         SELECT * FROM Users WHERE Username='admin' union select 1,@@version -- ' AND Password='$password'
     Get table names:
         SELECT * FROM Users WHERE Username='admin' union select table_name,2 from INFORMATION_SCHEMA.tables -- ' AND Password='$password'
     Get tables of current db:
         SELECT * FROM Users WHERE Username='admin' union select table_name,2 from INFORMATION_SCHEMA.tables where table_schema = database() -- ' AND Password='$password'
  • 36. SQL Injection: SQL injection threats (diagram slide)
  • 37. SQL Injection: How to Avoid SQL Injection Vulnerabilities
     - Do not rely on register_globals (deprecated, removed in PHP 5.4)
     - Using PHP functions
     - Use of Prepared Statements (Parameterized Queries)
     - Use of Stored Procedures
     - Escaping all User Supplied Input
     - Also Enforce: Least Privilege
     - Also Perform: Whitelist Input Validation
  • 38. SQL Injection: How to Avoid SQL Injection Vulnerabilities
     Using register_globals:
       o When you have register_globals=on, anything passed via GET or POST or COOKIE automatically appears as a global variable in code; this has security consequences.
       o E.g. you click on the URL test.php?access_level=100 and you'll have $access_level = 100 in PHP, overriding any variable the script forgot to initialise.
       o This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
  • 39. SQL Injection: How to Avoid SQL Injection Vulnerabilities
     Using PHP functions:
       o is_int(), gettype(), intval(), settype(): check or force the type of numeric input
       o stripslashes(): removes backslashes (\n -> n)
       o mysql_real_escape_string(): escapes quotes and other special characters for use inside a MySQL string literal
     Caveats: the mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7.0; use mysqli_real_escape_string() or, better, prepared statements. Escaping only protects values that end up inside quotes; an unquoted number (WHERE id = $id) has to be cast with intval() or bound as a parameter.
  • 40. SQL Injection: How to Avoid SQL Injection Vulnerabilities
     Use of Prepared Statements:
       o use PDO with strongly typed parameterized queries (using bindParam())
     Use of Stored Procedures:
       o Stored procedures have the same effect as the use of prepared statements when implemented safely*. They require the developer to define the SQL code first, and then pass in the parameters after.
       o * A stored procedure that itself builds dynamic SQL from its arguments is just as injectable as concatenation in PHP.
     Example:

         $id = (int) ($_GET['user'] ?? 0);   // the user id from the request, forced to an integer
         $a = new PDO("mysql:host=localhost;dbname=library;", "leastprivilegeduser", "");
         $b = $a->prepare("SELECT first_name, last_name FROM users WHERE user = :user");
         $b->bindParam(":user", $id, PDO::PARAM_INT);
         $b->execute();
         $rows = $b->fetchAll(PDO::FETCH_ASSOC);

  • 41. SQL Injection: How to Avoid SQL Injection Vulnerabilities: Use of Prepared Statements (diagram slide)
  • 42. SQL Injection: How to Avoid SQL Injection Vulnerabilities: Least Privilege
     - The database account the application connects with (the "leastprivilegeduser" above) should hold only the rights the application needs: no FILE privilege, no access to other schemas, no DDL. An injection then cannot reach LOAD_FILE() or INTO DUMPFILE even though the query is attacker-controlled.
  • 43. SQL Injection: Information schema
     - In relational databases, the information schema is an ANSI-standard set of read-only views which provide information about all of the tables, views, columns and procedures in a database.
     - Quick SQL commands overview:
       o UNION ALL: appends the rows of a second SELECT to the first (both must return the same number of columns)
       o ORDER BY: sorts the result by a column; ORDER BY n fails once n exceeds the column count, which is how the probe on slide 35 works
       o LIMIT: restricts how many rows are returned (and, with an offset, which one)
       o CONCAT: short for concatenate; joins two strings into one
       o GROUP_CONCAT: concatenates all values of a column across the rows of a group into one string
       o INTO DUMPFILE: writes the contents of a column into a file on the database server
       o LOAD_FILE(): reads the contents of a file on the database server back into the query (this is the webserver only when both run on the same host; both operations need the FILE privilege)
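The login query of slide 34 and the prepared statement of this slide in one runnable script, as an added example that is not part of the original slides. It uses an in-memory SQLite database through PDO so it works offline and assumes the pdo_sqlite extension is loaded; the table, its two rows and the attacker strings are constructed for the demonstration.

```php
<?php
// Added example, not from the original slides: the login query of slide 34
// built by string concatenation next to the same query as a PDO prepared
// statement. It uses an in-memory SQLite database so it runs offline and
// assumes the pdo_sqlite extension is loaded; the table, its rows and the
// attacker strings are constructed for the demonstration.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE Users (id INTEGER PRIMARY KEY, Username TEXT, Password TEXT)');
// plaintext passwords only to keep the demo short; real code stores password_hash() output
$db->exec("INSERT INTO Users VALUES (1, 'admin', 's3cret'), (2, 'alice', 'hunter2')");

// Vulnerable: the input is pasted into the SQL text, so its quotes and
// keywords become part of the statement.
function loginConcat(PDO $db, string $username, string $password): array
{
    $sql = "SELECT id, Username FROM Users WHERE Username='$username' AND Password='$password'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed when prepare() runs; the values travel
// separately as data and cannot change the structure of the statement.
function loginPrepared(PDO $db, string $username, string $password): array
{
    $stmt = $db->prepare(
        'SELECT id, Username FROM Users WHERE Username = :user AND Password = :pass'
    );
    $stmt->bindValue(':user', $username, PDO::PARAM_STR);
    $stmt->bindValue(':pass', $password, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$user = "1' or '1'='1";
$pass = "1' or '1'='1";

// Concatenation: WHERE ... OR '1'='1' is true for every row, so both users
// come back and the attacker is "logged in" without a password.
print_r(loginConcat($db, $user, $pass));

// Prepared statement: the literal string 1' or '1'='1 matches no username,
// so the result is an empty array.
print_r(loginPrepared($db, $user, $pass));

// The same concatenation also leaks data from elsewhere with UNION once the
// column count is known (slide 35 finds it with ORDER BY); the comment
// sequence discards the rest of the original WHERE clause.
print_r(loginConcat($db, "admin' UNION SELECT 1, sqlite_version() -- ", 'x'));
```

Against MySQL, also pass PDO::ATTR_EMULATE_PREPARES => false in the options so the server performs the prepare instead of the driver interpolating quoted values client-side. Note what binding cannot do: only values can be bound. A table name, column name or ORDER BY direction taken from the request still has to be checked against a whitelist before it is spliced into the SQL text.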