Web application security
What is a web-application?

• Any application that is commonly served over the HTTP or HTTPS protocol.
• Usually served from a remote computer that acts as the host or server.
Why is Web Application Security Important?

• Web applications are used to perform most major tasks or website functions. They include forms that collect personal, classified and confidential information such as medical history, credit and bank account information, as well as user satisfaction feedback.
• If your organization is legally bound by legislation to protect the privacy and security of personally identifiable information, and hackers can get at this sensitive information, you run the risk of being found guilty of non-compliance.
• Almost 75 percent of attacks are tunneling through web applications.
• The consequences of a security breach are great: loss of revenue, damage to credibility, legal liability and loss of customer trust.

• On average, there are anywhere from 5 to 15 defects per 1,000 lines of code.
• A 5-year Pentagon study concluded that it takes an average of 75 minutes to track down one defect.
• Fixing one of these defects takes 2 to 9 hours each. That translates to 150 hours, or roughly $30,000, to clean every 1,000 lines of code.
• Researching each of the 4,200 vulnerabilities published by CERT for just 10 minutes would have required 1 staffer to research for 17.5 full workweeks or 700 hours.
• Gartner Group estimates that a company with 1,000 servers can spend $300,000 to test and deploy a patch; most companies deploy several patches a week.
How Do Hackers Get In?

Browser-based attacks use flaws in the web-based application code. Software most vulnerable to these types of attacks includes:

• User interface code -- provides the look and feel of the site.
• Web server -- supports the physical communication between the user's browser and the web applications.
• Front-end applications -- interface directly with the user interface code and with back-end systems.
Common Vulnerabilities

Hack attack                  What hackers use it for
---------------------------  -------------------------------------------
Cookie Poisoning             Identity theft / Session hijack
Hidden Field Manipulation    eShoplifting
Parameter Tampering          Fraud
Buffer Overflow              Denial of service / Closure of business
Cross-Site Scripting         Hijacking / Identity theft
Backdoor and Debug Options   Trespassing
Forceful Browsing            Breaking and entering
HTTP Response Splitting      Phishing, identity theft and eGraffiti
Known Vulnerabilities        Taking control of the site
SQL Injection                Manipulation of DB information
Broken Authentication        Login without authentication / Trespassing
Information Leakage          Trespassing
SQL Injections
Securing your script/DB

What is SQL injection?

• SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.
• The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed.
• A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata.
• The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the attacker terminates the injected string with the comment marker "--". Subsequent text is ignored at execution time.
Exploiting a Basic Vulnerability

Consider a web application deployed by a book retailer that enables users to search for books by author, publisher, etc.
When the user searches for all the books published by Wiley, the application performs the following query:

SELECT * FROM books WHERE publisher = 'WILEY';

The first part of the query (SELECT * FROM books WHERE publisher =) comprises the SQL keywords and the names of tables and columns within the database; all of it was written by the programmer. The last part ('WILEY') is the item of data supplied by the user. String data should always be enclosed within ' ' in SQL queries.

Now consider the query produced when the user searches for O'Reilly:

SELECT * FROM books WHERE publisher = 'O'Reilly';

In this case the interpreter generates an error: the quote after O closes the string, and Reilly' is not valid SQL syntax.

When an application behaves in this manner, it is wide open to SQL injection.
Injecting Into Different Statement Types

SELECT statement
• SELECT statements are used to retrieve information from the database.
• The entry point of SQL injection attacks is normally the WHERE clause of the query, in which the user-supplied data is passed to the database to control the scope of the query result.
• Since the WHERE clause is usually the final component of the query, the attacker can use the comment symbol (--) to truncate the query after his input without invalidating any syntax.

The login query below is built from the username and password fields. If the attacker enters ' OR 1=1-- as the username, the query becomes:

SELECT * FROM register WHERE uname='' OR 1=1-- ' && pword='abc123'

The comment symbol discards the password check, so you are logged in as the first registered user.
INSERT statement
• INSERT statements are used to create a new row of data within a table.

  INSERT INTO users(uname,password,id,priv) VALUES ('daf','secret',2241,1)

• If the username or password fields are vulnerable to SQL injection, the attacker can insert arbitrary values into the database, assign admin privileges to himself, etc.
• In the case of a completely blind attack, the attacker may not know in advance the number and type of fields, so he can keep adding additional fields to VALUES until the desired account is created.
UPDATE statement
• UPDATE statements are used to modify one or more existing rows of data within a table.
• These are used in functions where the user modifies his existing information, e.g. changing contact information, changing a password, etc.
• It works in a similar way to the INSERT statement, except that it has a WHERE clause to tell the database which rows to update.

  UPDATE users SET password='newsecret' WHERE user = 'marcus' and password = 'secret'

  If the function is vulnerable to SQL injection, the attacker can bypass the existing password check and change the password for the admin by entering admin'-- as the username, so that the query becomes:

  UPDATE users SET password='newsecret' WHERE user = 'admin'-- and password = 'secret'

  This way the password check is commented out and ignored.

  If the attacker uses admin' OR 1=1 -- instead, the query becomes:

  UPDATE users SET password='newsecret' WHERE user = 'admin' OR 1=1 -- and password = 'secret'

  In this case the password of every user is reset to newsecret.
DELETE statement
• DELETE statements are used to delete rows from the specified table.
• In this case also the WHERE clause is used to specify which rows to delete. Hence changes to the WHERE clause can have far-reaching effects on the database.

  "SELECT * FROM customers WHERE username ='$name'";

  In the above query $name is provided by the user, so when executed it displays the row where username matches the one provided by the user. With the user input anu:

  SELECT * FROM customers WHERE username ='anu'

  If the user enters the malicious input ';DELETE FROM customers WHERE 1=1 -- ' instead, the query becomes:

  SELECT * FROM customers WHERE username='';DELETE FROM customers WHERE 1=1-- '

  and every row of the customers table is deleted (on a database that executes such stacked statements).
The UNION Operator
• The UNION operator is used to combine the results of two or more SELECT statements into a single result set.
• If there is a SQL injection vulnerability in the SELECT statement, the attacker can use the UNION operator to perform another query and combine its result with the first one.

  SELECT * FROM customer WHERE name = '$name'

  This returns the original result. With the user input ' UNION SELECT id,name FROM product -- ' the query becomes:

  SELECT * FROM customer WHERE name = 'anu'
  UNION
  SELECT id,name FROM product-- '

  which shows all the rows of the customer table along with the data from the product table.

NOTE:
• When the results of two queries are combined using the UNION operator, the two result sets must have the same structure (the same number of columns); otherwise the database returns an error:

  SELECT name FROM CUSTOMER WHERE name='' UNION SELECT id,name FROM product-- ''
  The used SELECT statements have a different number of columns

• Also, the attacker should know the name of the target database table along with its relevant column names.
Preventing SQL Injections

• Partially effective measures:
  ◦ Because single quotation marks play an important role in SQL injection, a common approach is to escape any user-entered single quotation mark by doubling it up.
    ◦ This method proves ineffective when numeric data is being embedded into SQL queries, since there is no quote to escape.
    ◦ It also fails against second-order injection, where data that was inserted using an INSERT query is later used in another SQL query.
  ◦ Using custom stored procedures can also help provide security.
    ◦ But using them does not guarantee prevention of SQL injection, since a procedure can itself contain SQL injection vulnerabilities within its code.
    ◦ The same applies if the procedure is invoked in an unsafe way using user-supplied input.
• Parameterized Queries:
  The construction of queries involving user input is performed in two steps:
  ◦ The application specifies the structure of the query, leaving placeholders for each user input.
  ◦ The application specifies values for the placeholders.
Example:

<?php

  $mysqli = new mysqli("server", "username", "password", "database_name");
  // mysqli is a class: it represents a connection between MySQL and PHP
  if ($mysqli->connect_error) {
      die("Connection failed: " . $mysqli->connect_error);
  }

  $unsafe_variable = $_POST["user-input"];

  // prepare() parses the SQL statement with a placeholder (?) for the value,
  // so the query structure is fixed before any user data is involved
  // (`table` and `column` are placeholder names, quoted with backticks because
  // TABLE and COLUMN are reserved words in MySQL)
  $stmt = $mysqli->prepare("INSERT INTO `table` (`column`) VALUES (?)");

  // bind_param() supplies the value for the placeholder; "s" means the
  // database expects a string, so the value is never parsed as SQL
  $stmt->bind_param("s", $unsafe_variable);

  $stmt->execute();

  $stmt->close();

  $mysqli->close();
  // close database connection

?>
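As an added example (not from the original slides), the book search from the O'Reilly slide, the login check from the SELECT-statement slide and the quote-doubling measure above are run side by side in Python, first built by string concatenation and then with placeholders, against a constructed in-memory SQLite database. SQLite and the table contents are stand-ins for the retailer's MySQL server, and AND is used where the slide writes MySQL's &&.

```python
import sqlite3

# Constructed sample data for the tables the slides refer to (books, register).
BOOKS = [(1, "Web Hacking", "WILEY"), (2, "Learning SQL", "O'Reilly")]
USERS = [(1, "alice", "s3cret"), (2, "bob", "abc123")]


def make_db():
    """In-memory SQLite database standing in for the retailer's MySQL server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books(id INTEGER, title TEXT, publisher TEXT)")
    conn.execute("CREATE TABLE register(id INTEGER, uname TEXT, pword TEXT)")
    conn.executemany("INSERT INTO books VALUES (?, ?, ?)", BOOKS)
    conn.executemany("INSERT INTO register VALUES (?, ?, ?)", USERS)
    return conn


def double_quotes(text):
    """The 'partially effective' measure: escape a single quote by doubling it."""
    return text.replace("'", "''")


def search_concat(conn, publisher):
    """Vulnerable: the value is pasted into the SQL text, so a quote in the
    data (O'Reilly) changes the query's syntax."""
    sql = "SELECT title FROM books WHERE publisher = '" + publisher + "'"
    return [row[0] for row in conn.execute(sql)]


def search_param(conn, publisher):
    """Safe: structure first, value bound to the placeholder afterwards."""
    sql = "SELECT title FROM books WHERE publisher = ?"
    return [row[0] for row in conn.execute(sql, (publisher,))]


def login_concat(conn, uname, pword):
    """The login check from the SELECT-statement slide, built by concatenation
    (AND is used here where the slide writes MySQL's &&)."""
    sql = ("SELECT uname FROM register WHERE uname='" + uname
           + "' AND pword='" + pword + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_param(conn, uname, pword):
    """Same check with placeholders: input can never close the string literal."""
    sql = "SELECT uname FROM register WHERE uname=? AND pword=?"
    row = conn.execute(sql, (uname, pword)).fetchone()
    return row[0] if row else None


def book_by_id_escaped(conn, book_id):
    """Quote doubling applied to a numeric context: there is no quote to
    double, so the input lands in the SQL text unchanged."""
    sql = "SELECT title FROM books WHERE id = " + double_quotes(book_id)
    return [row[0] for row in conn.execute(sql)]


def book_by_id_param(conn, book_id):
    """Numeric context done properly: validate the type, then bind it."""
    sql = "SELECT title FROM books WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (int(book_id),))]


def demo():
    """Run each pair on the same inputs and collect what comes back."""
    conn = make_db()
    out = {}
    try:                                   # legitimate input containing a quote
        search_concat(conn, "O'Reilly")
        out["concat_oreilly"] = "ok"
    except sqlite3.OperationalError:
        out["concat_oreilly"] = "syntax error"
    out["param_oreilly"] = search_param(conn, "O'Reilly")
    payload = "' OR 1=1--"                 # the slide's login input
    out["concat_login"] = login_concat(conn, payload, "abc123")
    out["param_login"] = login_param(conn, payload, "abc123")
    numeric = "1 OR 1=1"                   # no quote for doubling to catch
    out["escaped_numeric"] = book_by_id_escaped(conn, numeric)
    try:
        out["param_numeric"] = book_by_id_param(conn, numeric)
    except ValueError:
        out["param_numeric"] = "rejected"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The concatenated forms fail on a legitimate quote and accept the slide's inputs; the placeholder forms return the O'Reilly book, find no user for the payload, and reject the non-numeric id before it reaches the database.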
• Configuring the PHP Environment:
  There are various configuration options in the php.ini file that can affect the application's security, such as:
  ◦ Register Globals: If the register_globals option is enabled, PHP creates global variables for all the request parameters. Since they need not be initialized before use, they can cause security issues. It has been removed entirely from PHP 6.
  ◦ Safe Mode: If the safe_mode option is enabled, PHP places restrictions on the use of some functions. For example, the shell_exec function is disabled since it can be used to execute OS commands, and the additional_parameters parameter of the mail function is disabled as it can lead to SMTP injection flaws, etc.
  ◦ Magic Quotes: If the magic_quotes_gpc option is enabled, single quote, double quote, backslash and NULL characters are automatically escaped using a backslash. If the magic_quotes_sybase option is enabled, single quotes are escaped with single quotes. Magic quotes can alter user data that does not need escaping, hence the slashes need to be removed using the stripslashes function. Magic quotes have been removed from PHP 6.
• addslashes:
  You can also perform your own escaping of the required input parameters by passing them through the addslashes function, only when required. When using addslashes, if magic quotes are enabled this leads to double escaping (i.e. double slashes), which is interpreted as a literal backslash, leaving the user input unescaped.
• mysql_real_escape_string():
  It calls the MySQL library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
Recent attacks using SQL injections

• On February 5, 2011 HBGary, a technology security firm, was broken into by Anonymous using a SQL injection in their CMS-driven website.
• On March 27, 2011 mysql.com, the official homepage for MySQL, was compromised by TinKode using blind SQL injection.
• On June 27, 2011, Lady Gaga's website was hacked by a group of US cyber attackers called SwagSec and thousands of her fans' personal details were stolen from her website.
• In October 2011, a Malaysian hacker managed to extract data from www.canon.com.cn by exploiting a vulnerability he came across. He himself reported the vulnerability to the company within minutes, claiming to have used SQL injection.
THANK YOU!

More Related Content

What's hot

Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...Edureka!
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacksRespa Peter
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
What is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicWhat is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicJW CyberNerd
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
SQL injection implementation and prevention
SQL injection implementation and prevention SQL injection implementation and prevention
SQL injection implementation and prevention Rejaul Islam Royel
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586Stacy Watts
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL InjectionVortana Say
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
SQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive AlgorithmSQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive AlgorithmIOSR Journals
 

What's hot (20)

Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql
SqlSql
Sql
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
Sql injection
Sql injectionSql injection
Sql injection
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection  How to identify and prevent SQL injection
How to identify and prevent SQL injection
 
What is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicWhat is advanced SQL Injection? Infographic
What is advanced SQL Injection? Infographic
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSS
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
SQL injection implementation and prevention
SQL injection implementation and prevention SQL injection implementation and prevention
SQL injection implementation and prevention
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL Injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
SQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive AlgorithmSQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive Algorithm
 

Similar to Web application security

Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host LanguagePrevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host LanguageIRJET Journal
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sqlKaustav Sengupta
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET Journal
 
Web security 2010
Web security 2010Web security 2010
Web security 2010Alok Babu
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseNoaman Aziz
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security ChampionsPetraVukmirovic
 
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...Rana sing
 
Final review ppt
Final review pptFinal review ppt
Final review pptRana sing
 
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
SQL Injection Attack Detection and Prevention Techniques to Secure Web-SiteSQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Siteijtsrd
 
Owasp Top 10 2017
Owasp Top 10 2017Owasp Top 10 2017
Owasp Top 10 2017SamsonMuoki
 

Similar to Web application security (20)

E017131924
E017131924E017131924
E017131924
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
ieee
ieeeieee
ieee
 
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host LanguagePrevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host Language
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Greensql2007
Greensql2007Greensql2007
Greensql2007
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sql
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
 
Ijcet 06 10_005
Ijcet 06 10_005Ijcet 06 10_005
Ijcet 06 10_005
 
Web security 2010
Web security 2010Web security 2010
Web security 2010
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackrose
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
 
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
 
Final review ppt
Final review pptFinal review ppt
Final review ppt
 
Ijcatr04041018
Ijcatr04041018Ijcatr04041018
Ijcatr04041018
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
SQL Injection Attack Detection and Prevention Techniques to Secure Web-SiteSQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
 
Code injection
Code injectionCode injection
Code injection
 
Owasp Top 10 2017
Owasp Top 10 2017Owasp Top 10 2017
Owasp Top 10 2017
 

More from www.netgains.org

More from www.netgains.org (8)

Exploring iTools
Exploring iToolsExploring iTools
Exploring iTools
 
What is a Responsive Website
What is a Responsive WebsiteWhat is a Responsive Website
What is a Responsive Website
 
Twitter bootstrap1
Twitter bootstrap1Twitter bootstrap1
Twitter bootstrap1
 
Magento
MagentoMagento
Magento
 
Dream weaver
Dream weaverDream weaver
Dream weaver
 
Introduction to wordpress & theme implementation
Introduction to wordpress & theme implementationIntroduction to wordpress & theme implementation
Introduction to wordpress & theme implementation
 
Sessions and cookies
Sessions and cookiesSessions and cookies
Sessions and cookies
 
Introduction to Html5
Introduction to Html5Introduction to Html5
Introduction to Html5
 

Recently uploaded

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Recently uploaded (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter

Web application security

• 2. What is a web-application?
- Any application that is served commonly via the http or https protocol.
- Usually being served from a remote computer acting as the host or the server.
• 3. Why is Web Application Security Important?
- Web applications are used to perform most major tasks or website functions. They include forms that collect personal, classified and confidential information such as medical history, credit and bank account information as well as user satisfaction feedback.
- If your organization is legally bound by legislation to protect the privacy and security of personally identifiable information, and hackers can get at this sensitive information, you run the risk of being found guilty of non-compliance.
- Almost 75 percent of attacks are tunneling through web applications.
- The consequences of a security breach are great: loss of revenues, damage to credibility, legal liability and loss of customer trust.
• 4. The cost of defects
- On average, there are anywhere from 5 to 15 defects per 1,000 lines of code.
- A 5-year Pentagon study concluded that it takes an average of 75 minutes to track down one defect.
- Fixing one of these defects takes 2 to 9 hours each. That translates to 150 hours, or roughly $30,000, to clean every 1,000 lines of code.
- Researching each of the 4,200 vulnerabilities published by CERT for just 10 minutes would have required 1 staffer to research for 17.5 full workweeks, or 700 hours.
- Gartner Group estimates that a company with 1,000 servers can spend $300,000 to test and deploy a patch; most companies deploy several patches a week.
• 5. How Hackers Get In?
Browser-based attacks use flaws in the web-based application code. Software most vulnerable to these types of attacks includes:
- User interface code -- provides the look and feel of the site.
- Web server -- supports the physical communication between the user's browser and the web applications.
- Front-end applications -- interface directly with the user interface code and with back-end systems.
• 6. Common Vulnerabilities

Hack attack                    What hackers use it for
Cookie Poisoning               Identity theft / Session Hijack
Hidden Field Manipulation      eShoplifting
Parameter Tampering            Fraud
Buffer Overflow                Denial of Service / Closure of Business
Cross-Site Scripting           Hijacking / Identity Theft
Backdoor and Debug Options     Trespassing
Forceful Browsing              Breaking and Entering
HTTP Response Splitting        Phishing, Identity Theft and eGraffiti
Known Vulnerabilities          Taking control of the site
SQL Injection                  Manipulation of DB information
Broken Authentication          Login without authentication / Trespassing
Information leakage            Trespassing
• 8. What is SQL injection?
- SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.
- The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed.
- A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata.
- The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the attacker terminates the injected string with a comment mark "--". Subsequent text is ignored at execution time.
• 9. Exploiting a Basic Vulnerability
Consider a web application deployed by a book retailer that enables users to search for books based on author, publisher, etc. When the user searches for all the books published by Wiley, the application performs the following query:

    SELECT * FROM books WHERE publisher = 'WILEY';

The SQL keywords and the names of tables and columns within the database (SELECT * FROM books WHERE publisher =) were all written by the programmer; 'WILEY' is the item of data supplied by the user. String data should always be encapsulated within ' ' in SQL queries.
• 10. Now consider the following query when the user searches for O'Reilly:

    SELECT * FROM books WHERE publisher = 'O'Reilly';

In this case the interpreter would generate an error, since Reilly' is not valid SQL syntax. When an application behaves in this manner, it is wide open to SQL injection.
• 11. Injecting Into Different Statement Types
SELECT statement
- SELECT statements are used to retrieve information from the database.
- The entry point of SQL injection attacks is normally the WHERE clause of the query, in which the user-supplied data is passed to the database to control the scope of the query result.
- Since the WHERE clause is usually the final component of the query, the attacker can use the comment symbol (--) to truncate the query after his input without invalidating any syntax.
• 12. User input: ' OR 1=1--

Resulting query:

    SELECT * FROM register WHERE uname='' OR 1=1-- ' && pword='abc123'
  • 13. You are logged in as the first registered user.
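The login bypass on slides 11 to 13, as an added example that is not part of the original slides: a Python script using the standard library's sqlite3 module (assumption: SQLite in place of MySQL, with AND in place of the slide's &&) builds the same login check once by string concatenation and once with placeholders, and feeds both the slide's input ' OR 1=1--. The register table and its two rows are constructed sample data.

```python
import sqlite3

# Constructed sample data: a tiny "register" table like the one on slide 12.
SAMPLE_USERS = [("admin", "s3cret"), ("anu", "abc123")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE register (uname TEXT, pword TEXT)")
    conn.executemany("INSERT INTO register VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, uname, pword):
    """Builds the query by string concatenation, the pattern the slide shows.

    Whatever the user types becomes part of the SQL text, so a quote closes the
    string literal and '--' comments out the password check that follows.
    """
    sql = ("SELECT uname FROM register WHERE uname='" + uname +
           "' AND pword='" + pword + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, uname, pword):
    """Same check with placeholders: the driver sends the values separately
    from the SQL text, so quotes and '--' inside them are plain data."""
    row = conn.execute(
        "SELECT uname FROM register WHERE uname=? AND pword=?",
        (uname, pword),
    ).fetchone()
    return row[0] if row else None


def demo():
    conn = make_db()
    payload = "' OR 1=1--"  # the user input from slide 12
    result = {
        # concatenation: WHERE uname='' OR 1=1-- ' AND ... matches every row,
        # and the first registered user (admin) comes back, as slide 13 says
        "vulnerable": login_vulnerable(conn, payload, "abc123"),
        # placeholders: no user is literally named "' OR 1=1--", so no row
        "safe": login_safe(conn, payload, "abc123"),
        # the safe version still works for a real user
        "legit": login_safe(conn, "anu", "abc123"),
    }
    conn.close()
    return result


if __name__ == "__main__":
    print(demo())
```

The only difference between the two functions is who assembles the statement: in login_vulnerable the application pastes untrusted text into SQL, in login_safe the database engine receives the statement skeleton and the values as two separate things, which is exactly the parameterized-query approach slide 25 recommends.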
• 14. INSERT statement
- INSERT statements are used to create a new row of data within a table.

    INSERT INTO users(uname,password,id,priv) VALUES ('daf','secret',2241,1)

- If the username or password fields are vulnerable to SQL injection, the attacker can insert arbitrary values into the database, assign admin privileges to himself, etc.
- In the case of a completely blind attack, the attacker may not know in advance the number and type of fields, so he can keep adding additional fields to VALUES until the desired account is created.
• 15. UPDATE statement
- UPDATE statements are used to modify one or more existing rows of data within a table.
- These are used in functions where the user modifies his existing information, e.g. changing contact information, changing password, etc.
- It works in a similar way to the INSERT statement except that it has a WHERE clause to tell the database which rows to update.

    UPDATE users SET password='newsecret' WHERE user = 'marcus' and password = 'secret'

If the function is vulnerable to SQL injection, the attacker can bypass the existing password check and change the password
• 16. for the admin by entering the username admin'-- so that the query becomes:

    UPDATE users SET password='newsecret' WHERE user = 'admin'-- and password = 'secret'

This way the password check is ignored. If the attacker uses admin' OR 1=1 -- then the query becomes:

    UPDATE users SET password='newsecret' WHERE user = 'admin' OR 1=1 -- and password = 'secret'

In this case the password of every user is reset to newsecret.
• 17. DELETE statement:
- The DELETE statement is used to delete rows from the specified table.
- In this case also the WHERE clause is used to specify which rows to delete. Hence making changes to the WHERE clause can have far-reaching effects on the database.

    "SELECT * FROM customers WHERE username ='$name'";

In the above query $name is provided by the user, so when executed it will display the row where the username matches the one provided by the user.
• 18. User input: anu

    SELECT * FROM customers WHERE username ='anu'
• 19. If the user enters the malicious input ';DELETE FROM customers WHERE 1=1-- the query becomes:

    SELECT * FROM customers WHERE username='';DELETE FROM customers WHERE 1=1-- '
• 20. The UNION Operator
- The UNION operator is used to combine the results of two or more SELECT statements into a single result set.
- If there exists a SQL injection vulnerability in the SELECT statement, the attacker can use the UNION operator to perform another query and combine its result with the first one.

    SELECT * FROM customer WHERE name = '$name'

This would return the original result.
• 21. User input: anu' UNION SELECT id,name FROM product--

Resulting query:

    SELECT * FROM customer WHERE name = 'anu' UNION SELECT id,name FROM product-- '
• 22. This shows all the rows of the customer table along with the data from the product table:
• 23. NOTE:
- When the results of two queries are combined using the UNION operator, the two result sets must have the same structure. For example:

    SELECT name FROM customer WHERE name='' UNION SELECT id,name FROM product-- ''

  returns the error: The used SELECT statements have a different number of columns
- Also the attacker should know the name of the target database table along with its relevant column names.
• 24. Preventing SQL Injections
- Partially effective measures:
  ◦ Because single quotation marks play an important role in SQL injection, a common approach is to escape any user-entered single quotation mark by doubling it up.
    - The above method proves ineffective when numeric data is being embedded into SQL queries.
    - It also fails against second-order injection, where data that has been inserted using an INSERT query is later used in another SQL query.
  ◦ Using custom stored procedures can also help provide security.
    - But using them does not guarantee protection against SQL injection, since a procedure can itself contain SQL injection vulnerabilities within its code.
    - The same applies if the procedure is invoked in an unsafe way using user-supplied input.
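The two caveats on slide 24 about quote escaping (numeric contexts, and second-order injection), worked through as an added Python/sqlite3 example that is not part of the original slides. The customers table, its rows and the two inputs are constructed; escape_quotes is the slide's quote-doubling defence, and each vulnerable function is paired with its placeholder-based counterpart.

```python
import sqlite3


def escape_quotes(value):
    """The partially effective defence from slide 24: double up single quotes."""
    return value.replace("'", "''")


def make_db():
    # Constructed sample data: a customers table with a numeric id column.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (1, "admin", "admin@example.test"),
        (2, "anu", "anu@example.test"),
    ])
    return conn


# --- caveat 1: numeric data is embedded without quotes, so doubling quotes changes nothing

def find_by_id_escaped(conn, id_input):
    sql = "SELECT username FROM customers WHERE id = " + escape_quotes(id_input)
    return [r[0] for r in conn.execute(sql)]


def find_by_id_param(conn, id_input):
    return [r[0] for r in conn.execute(
        "SELECT username FROM customers WHERE id = ?", (id_input,))]


# --- caveat 2: second-order injection

def register_escaped(conn, new_id, username, email):
    # Escaping keeps this INSERT well-formed; the doubled quote is stored as one quote.
    sql = "INSERT INTO customers VALUES (%d, '%s', '%s')" % (
        new_id, escape_quotes(username), escape_quotes(email))
    conn.execute(sql)


def email_for_user_escaped(conn, username):
    # Escaping at the request boundary does stop the quoted-string injection here ...
    sql = "SELECT email FROM customers WHERE username = '" + escape_quotes(username) + "'"
    return [r[0] for r in conn.execute(sql)]


def email_for_user_concat(conn, username):
    # ... but a later query that trusts a value read back from the database,
    # and concatenates it, is injectable again: the stored quote is unescaped.
    sql = "SELECT email FROM customers WHERE username = '" + username + "'"
    return [r[0] for r in conn.execute(sql)]


def email_for_user_param(conn, username):
    return [r[0] for r in conn.execute(
        "SELECT email FROM customers WHERE username = ?", (username,))]


def demo():
    conn = make_db()
    numeric_input = "2 OR 1=1"   # constructed input for the unquoted numeric context
    name_input = "x' OR 1=1--"   # constructed input for the quoted string context
    out = {
        "numeric_escaped": find_by_id_escaped(conn, numeric_input),  # every user
        "numeric_param": find_by_id_param(conn, numeric_input),      # nothing matches
        "direct_escaped": email_for_user_escaped(conn, name_input),  # blocked: no such user
    }
    register_escaped(conn, 3, name_input, "x@example.test")
    stored = conn.execute("SELECT username FROM customers WHERE id = 3").fetchone()[0]
    out["stored"] = stored                                            # quote is back
    out["second_order_concat"] = email_for_user_concat(conn, stored)  # all three emails
    out["second_order_param"] = email_for_user_param(conn, stored)    # only x's own row
    conn.close()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The takeaway matches the slide: escaping protects one particular quoting context at one particular moment, whereas a placeholder protects the statement regardless of the column type and regardless of where the value came from.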
• 25. Parameterized Queries: The construction of queries involving user input is performed in two steps:
  ◦ The application specifies the structure of the query, leaving placeholders for each user input.
  ◦ The application specifies values for the placeholders.
• 26. Example:

    <?php
    $mysqli = new mysqli("server", "username", "password", "database_name");
    // mysqli is a class: it represents a connection between MySQL and PHP
    $unsafe_variable = $_POST["user-input"];
    $stmt = $mysqli->prepare("INSERT INTO users (uname) VALUES (?)");
    // prepare() sends the SQL statement, with a placeholder, to the server for parsing
    $stmt->bind_param("s", $unsafe_variable);
    // "s" means the database expects a string
    $stmt->execute();
    $stmt->close();
    $mysqli->close(); // close database connection
    ?>
• 27. Configuring the PHP Environment:
There are various configuration options in the php.ini file that can affect the application's security, such as:
  ◦ Register Globals: If the register_globals option is enabled then PHP creates global variables for all the request parameters. Since it is not required to initialize them before use, they can cause security issues. It has been removed entirely from PHP 6.
  ◦ Safe Mode: If the safe_mode option is enabled then PHP places restrictions on the use of some functions. For example, the shell_exec function is disabled since it can be used to execute OS commands, and the additional_parameters parameter of the mail function is disabled as it can lead to SMTP injection flaws, etc.
• 28.
  ◦ Magic Quotes: If the magic_quotes_gpc option is enabled then single quote, double quote, backslash and NULL characters are automatically escaped using a backslash. If the magic_quotes_sybase option is enabled then single quotes are escaped using single quotes. Magic quotes can alter user data that does not need escaping, so the slashes then need to be removed using the stripslashes function. Magic quotes have been removed from PHP 6.
- addslashes: You can also perform your own escaping of the required input parameters by passing them through the addslashes function, only when required. When using addslashes, if magic quotes are enabled this leads to double escaping (i.e. double slashes), which is interpreted as a literal backslash, leaving the user input unescaped.
• 29. mysql_real_escape_string(): It calls the MySQL client library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
• 30. Recent attacks using SQL injection
- On February 5, 2011 HBGary, a technology security firm, was broken into by Anonymous using a SQL injection in their CMS-driven website.
- On March 27, 2011 mysql.com, the official homepage for MySQL, was compromised by TinKode using blind SQL injection.
- On June 27, 2011, Lady Gaga's website was hacked by a group of US cyber attackers called SwagSec and thousands of her fans' personal details were stolen from her website.
- In October 2011, a Malaysian hacker managed to extract data from www.canon.com.cn by exploiting a vulnerability he came across. He reported the vulnerability to the company himself within minutes, claiming to have used SQL injection.