• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Protecting Your Web SiteFrom SQL Injection & XSS
 

Protecting Your Web Site From SQL Injection & XSS

on

  • 5,843 views

The UNM Information Architects and the UNM Arts LAB invite you to to a presentation by ABQ Web Geeks' own Chris Kenworthy at the UNM SUB this Wednesday the 27th of August....

The UNM Information Architects and the UNM Arts LAB invite you to to a presentation by ABQ Web Geeks' own Chris Kenworthy at the UNM SUB this Wednesday the 27th of August.
Chris will be discussing SQL Injection and Cross Site Scripting Vulnerabilities.

These types of attacks against websites are both common and potentially devastating. Chris will bring us up to speed on them and give us some tips on how to prevent them.

Please mark your calendars for Wednesday, August 27 from 10:00 - 11:30 at the UNM Student Union Building, Lobo Rooms A & B.

Statistics

Views

Total Views
5,843
Views on SlideShare
5,824
Embed Views
19

Actions

Likes
1
Downloads
221
Comments
0

3 Embeds 19

http://www.slideshare.net 12
https://www.linkedin-ei.com 4
http://www.linkedin.com 3

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Protecting Your Web SiteFrom SQL Injection & XSS Protecting Your Web Site From SQL Injection & XSS Presentation Transcript

    • Protecting Your Web Site From SQL Injection & XSS This year, over 500,000 web pages were defaced by a malicious SQL Injection… Chris Kenworthy </dream.in.code>® August 27, 2008
    • SQL Injections
    • What is SQL?  Structured Query Language  Used to retrieve and manage data in relational databases  Chances are your organization is using SQL  Example: SELECT firstName, lastName FROM users WHERE userID = ‘chris’;
    • What is a SQL Injection?  A common security vulnerability  Occurs when unfiltered input is executed  Easily prevented  Example of Vulnerability: http://www.example.com/login.php?UserID=chris SELECT firstName, lastName FROM users WHERE userID = ‘” + $UserID + “’
    • Example of an Attack  Original Query: SELECT firstName, lastName FROM users WHERE userID = ‘” + $UserID + “’;  Set $UserID to: nobody’ OR ‘a’ = ‘a  Result: SELECT firstName, lastName FROM users WHERE userID = ‘nobody’ OR ‘a’ = ‘a’;
    • The Impact  Query always returns true  Attacker authenticates as first user in database  Possible Impacts:  False authentication  Permissions escalation  Information disclosure  Identity theft  More…
    • Example of an Attack  Original Query: SELECT firstName, lastName FROM users WHERE userID=‘” + $UserID + “’;  Set $UserID to: x’; DROP TABLE users; --  Result: SELECT firstName, lastName FROM users WHERE userID=‘x’; DROP TABLE users;--’;
    • The Impact  Attacker deletes entire users table!  Possible Impacts:  Loss of data  Data manipulation  Data insertion  Virus/Malware distribution  Total database destruction  More…
    • Preventing SQL Injection  Sanitize the input  Enforce data types (i.e. numeric, string, etc.)  Use parameterized statements  Use stored procedures  Limit permissions  Install an application firewall (my favorite)  Apache: mod_security (w/ Core Rules)  IIS: URLScan 3.0 (Beta)
    • Cross Site Scripting
    • What is XSS?  XSS (Cross Site Scripting)  Allows execution of arbitrary code  Often involves tricking the end user  Over 70% of web sites may be vulnerable  Example: <<SCRIPT>alert("XSS");//<</SCRIPT>
    • How Does XSS Work?  Scenario 1:  You get an email with a URL that looks like this: http://www.domain.com/index.php?userid =%3C%3C%53%43%52%49%50%54%3E%61%6C%65%72%7  You click it and the web page outputs the userid variable resulting in this:
    • How Does XSS Work?  Scenario 2:  There is a comment form on a web page. You paste this string in to the form: <<SCRIPT>alert("XSS");//<</SCRIPT>  Now every user that visits that page will see this:
    • Why Does It Work?  Inputs are displayed as HTML instead of character entities:  Cookies are not secured  Sessions can be hijacked
    • The Impact of XSS  Identify Theft  Malware  Session Hijacking  User impersonation  Redirection  Misinformation
    • Preventing XSS Attacks  Convert all inputs to HTML character entities before outputting to the screen  Secure cookies using the httpOnly attribute  Associate sessions with IP addresses  Install an application firewall (again, my favorite)  Educate users!  Don’t click links in emails you don’t recognize  Don’t fill out forms from links in emails
    • Resources  Scrawlr – Find SQL injection vulnerabilities in your site  Mod_security – Web application firewall (Apache)  URLScan – Web application firewall (IIS)  XSS Examples
    • Closing Thoughts  If you have a web site, you will be attacked  Don’t trust developers to secure their code  Use an application firewall if possible  Be proactive
    • Questions? Comic from XKCD: http://xkcd.com/327/